通信技术
通信技術
통신기술
COMMUNICATIONS TECHNOLOGY
2013年
9期
79-82
,共4页
应用层载荷特征%程序不变量%动态污点传播
應用層載荷特徵%程序不變量%動態汙點傳播
응용층재하특정%정서불변량%동태오점전파
application-layer payload signature%program invariants%dynamic taint analysis
应用层载荷特征是一种使用广泛、识别率高的指纹,但其生成主要依赖手工分析。针对该类特征的自动生成问题,提出一种基于程序不变量的指纹提取方法。该方法对应用程序进行插桩,跟踪应用程序处理协议数据包的过程,生成程序状态集并从中检测程序不变量,结合协议数据包中各个域的污点传播记录,获得数据包中存在的域间关系,进而提取出协议指纹。该方法具有效率高、不需分析协议语法语义、生成指纹精确性高等特点。
應用層載荷特徵是一種使用廣汎、識彆率高的指紋,但其生成主要依賴手工分析。針對該類特徵的自動生成問題,提齣一種基于程序不變量的指紋提取方法。該方法對應用程序進行插樁,跟蹤應用程序處理協議數據包的過程,生成程序狀態集併從中檢測程序不變量,結閤協議數據包中各箇域的汙點傳播記錄,穫得數據包中存在的域間關繫,進而提取齣協議指紋。該方法具有效率高、不需分析協議語法語義、生成指紋精確性高等特點。
응용층재하특정시일충사용엄범、식별솔고적지문,단기생성주요의뢰수공분석。침대해류특정적자동생성문제,제출일충기우정서불변량적지문제취방법。해방법대응용정서진행삽장,근종응용정서처리협의수거포적과정,생성정서상태집병종중검측정서불변량,결합협의수거포중각개역적오점전파기록,획득수거포중존재적역간관계,진이제취출협의지문。해방법구유효솔고、불수분석협의어법어의、생성지문정학성고등특점。
Application-layer payload signature is widely used and has high recognition rate, while its extraction is always dependent on manual analysis. To automatically extract the application-layer payload signature, a method based on program invariants is proposed. With program instrument technology, the program process in dealing with network packets is tracked and program status set generated and updated, and from this the program invariants are detected. Combined with taint analysis, the relationship between the invariants and packet fields is confirmed and fingerprints are revealed. This method is of high efficiency and accuracy, with no need to analyze the protocol specification.
