| 内核驱动的轻量级动态二进制程序分析框架 |
| A lightweight dynamic binary analysis framework driven by the system kernel |
| |
| DOI: |
| 中文关键词: 二进制程序分析;动态分析;系统内核;软件安全;恶意代码 |
| 英文关键词:binary analysis; dynamic analysis; system kernel; software security; malicious code |
| 基金项目:国家自然科学基金(61672299)和南京邮电大学引进人才科研启动基金(NY221036)资助项目 |
| 作者 | 单位 | | 潘家晔 | 南京邮电大学 现代邮政学院,江苏 南京 210003 | | 赵学健 | 南京邮电大学 现代邮政学院,江苏 南京 210003 |
|
| 摘要点击次数: 999 |
| 全文下载次数: 482 |
| 中文摘要: |
| 如今网络攻击活动越来越复杂,为更好地实现防御与溯源等目标,需对攻击代码进行深度分析。同时攻击影响也从桌面终端扩大到路由器、智能家居等物联网设备,新场景需要有轻量化和易部署的程序分析方法。为应对攻击活动分析新形势,提出一种系统内核驱动的轻量级二进制程序分析框架,通过合理利用操作系统实现机制对程序进行动态拦截,从而对目标程序进行细粒度动态分析。在此基础上结合内核特性提出一种优化的动态数据流分析方法,可进一步提升程序细粒度分析能力。通过采用基准程序和实际程序进行大量实验,验证了所提出方法的有效性和较好的分析性能,实验表明分析框架具有较好的可部署性和应用价值。 |
| 英文摘要: |
| Nowadays cyber-attacks have become increasingly complicated. Researchers need to analyze the payload involved in the attacks in depth to better achieve the goals such as intelligent threat extraction and attack traceability. In addition, the attack targets have been extended from traditional terminals to small devices such as routers and intelligent homes. New analysis scenarios require the binary program analysis method to be lightweight and easier to deploy. In order to meet the new requirement of cyber-attack analysis, this paper proposes a lightweight dynamic analysis framework for binary program analysis. It is driven by the operating system kernel. It can dynamically intercept the program execution and perform efficient fine-grained analysis by reasonably integrating the implementation of the operating system. Then, this paper designs an optimized dynamic data flow analysis method combined with the kernel features. It can further improve the fine-grained analysis performance. Considerable experiments are conducted by using benchmark programs and real applications, and the results demonstrate that the framework can achieve a high analytical performance, an easy deployment and good practical applications. |
| 查看全文 查看/发表评论 下载PDF阅读器 |