
Journal of University of Chinese Academy of Sciences ›› 2013, Vol. 30 ›› Issue (2): 278-284. DOI: 10.7523/j.issn.1002-1175.2013.02.021

• Computer Science •

Unknown protocol format analysis and vulnerability discovery based on symbolic expressions

罗成, 张玉清, 王龙, 刘奇旭   

  1. National Computer Network Intrusion Protection Center, Graduate University of Chinese Academy of Sciences, Beijing 100049, China
  • Received: 2011-12-01 Revised: 2012-04-13 Published: 2013-03-15
  • Corresponding author: LUO Cheng
  • Funding:

    Supported by the National Natural Science Foundation of China (61272481) and the China Postdoctoral Science Foundation (2011M500416, 2012T50152)

Automatic network protocol analysis and vulnerability discovery based on symbolic expression

LUO Cheng, ZHANG Yu-Qing, WANG Long, LIU Qi-Xu   

  1. National Computer Network Intrusion Protection Center, Graduate University, Chinese Academy of Sciences, Beijing 100049, China
  • Received:2011-12-01 Revised:2012-04-13 Published:2013-03-15

Abstract (translated from the Chinese):

Fuzzing of network communication software is constrained by the protocol format; for unknown protocols in particular, the effectiveness of testing is hard to guarantee. We propose a protocol analysis method based on symbolic expressions. The key packet-processing code is translated into symbolic expressions, whose rich semantics speed up the format analysis of unknown protocols; on this basis we developed PAVD, a framework for protocol format analysis and vulnerability discovery. Vulnerability testing of the eyou (亿邮) client verified that PAVD effectively improves protocol analysis efficiency and provides good support for fuzzing of network communication software.

Key words: unknown protocol, fuzzing, symbolic expression, vulnerability discovery

Abstract:

Fuzzing is an efficient method for ensuring software security. However, when network-based software is tested with this method, the results may be unsatisfactory because the protocol format is not known. To solve this problem, we propose a new protocol analysis technique based on symbolic expressions. We use this technique to translate the crucial packet-processing code into symbolic expressions and thereby accelerate protocol analysis. In addition, we develop a translation framework that performs automatic protocol format analysis and can export the recovered protocol format to the Peach fuzzing platform. Finally, we apply our framework to analyze one target (the eyou client) and obtain good results.

Key words: unknown protocol, Fuzzing, symbolic expression, vulnerability discovery
