基于消息语义解析的软件网络行为分析

doi:10.3724/SP.J.1087.2012.00025

计算机应用 ›› 2012, Vol. 32 ›› Issue (01): 25-29.DOI: 10.3724/SP.J.1087.2012.00025

• 第四届中国计算机网络与信息安全学术会议论文(CCNIS’2011) • 上一篇下一篇

基于消息语义解析的软件网络行为分析

吴逸伦,张博锋,赖志权,苏金树

国防科学技术大学计算机学院，长沙 410073

收稿日期:2011-08-02 修回日期:2011-09-01 发布日期:2012-02-06 出版日期:2012-01-01
通讯作者: 吴逸伦
作者简介:吴逸伦(1987-)，男(回族)，福建莆田人，硕士研究生，主要研究方向：网络与信息安全；张博锋(1978-)，男，陕西铜川人，助理研究员，博士，主要研究方向：网络与信息安全、数据挖掘；赖志权(1986-)，男，江西石城人，博士研究生，主要研究方向：网络与信息安全；苏金树(1962-)，男，福建莆田人，教授，博士生导师，主要研究方向：网络与信息安全。
基金资助:
国家自然科学基金资助项目(60901078);国家863计划项目(2009AA12Z219)

Software network behavior analysis based on message semantics analysis

WU Yi-lun,ZHANG Bo-feng,LAI Zhi-quan,SU Jin-shu

College of Computer, National University of Defense Technology, Changsha Hunan 410073, China

Received:2011-08-02 Revised:2011-09-01 Online:2012-02-06 Published:2012-01-01
Contact: WU Yi-lun

摘要/Abstract

摘要： 通过对软件网络行为的研究，提出了通过结合动态分析软件行为技术和网络消息语义解析技术对软件网络行为进行分析的系统模型。系统主要由动态二进制分析模块、消息语义解析模块和网络行为分析模块组成。通过动态二进制分析，利用行为监控和劫持机制，获取软件对于应用程序编程接口(API)函数和系统函数的调用情况；通过动态污点分析，对消息语义进行解析。实验验证表明，软件行为和消息语义解析的结合可以用于分析软件网络行为。

关键词: 动态二进制分析, 动态污点分析, 消息语义解析, 应用程序编程接口

Abstract: Through studying software network behavior, a new system model for analyzing the software network behavior based on dynamic binary analysis and message semantics analysis was proposed. The system consisted of dynamic binary analysis module, message semantics analysis module and network behavior analyzer. With the dynamic binary analysis, the Application Programming Interface (API) functions and system functions called by software could be obtained; by using the dynamic taint analysis, the message semantics could be extracted. The experimental results show that, combining the dynamic binary analysis and message semantics extraction can be used for analyzing the software network behavior.

Key words: dynamic binary analysis, dynamic taint analysis, message semantics extraction, Application Programming Interface (API)

中图分类号:

TP393.08

吴逸伦张博锋赖志权苏金树. 基于消息语义解析的软件网络行为分析[J]. 计算机应用, 2012, 32(01): 25-29.

WU Yi-lun ZHANG Bo-feng LAI Zhi-quan SU Jin-shu. Software network behavior analysis based on message semantics analysis[J]. Journal of Computer Applications, 2012, 32(01): 25-29.

参考文献

[1]

BETHENCOURT J, SONG D, WATERS B. Analysis-resistant malware ［C］// Proceedings of the 15th IEEE Network and Distributed System Security Symposium. San Diego: The Internet Society Press, 2008: 10-13.

[2]

BELLARD F. QEMU: A fast and portable dynamic translator ［C］// Proceedings of the Annual Conference on USENIX Annual Technical Conference. Berkeley: USENIX Press, 2005: 41-46.

[3]

BAYER U, KRUEGEL C, KIRDA E. TTAnalyze: A tool for analyzing malware ［EB/OL］. ［2011-03-25］. http://www.iseclab.org/projects/ttanalyze/.

[4]

BAYER U. ANUBIS ［EB/OL］. ［2011-03-20］. http://anubis.iseclab.org.

[5]

李根.基于动态测试用例生成的二进制软件缺陷自动发掘技术研究［D］.长沙:国防科学技术大学,2010.

[6]

SCHWARTZ E J, AVGERINOS T, BRUMLEY D. All you ever wanted to know about dynamic taint analysis and forward symbolic execution (but might have been afraid to ask) ［C］// Proceedings of 2010 IEEE Symposium on Security and Privacy. Piscataway: IEEE, 2010: 317-331.

[7]

SONG D. TEMU ［EB/OL］. ［2011-04-20］. http://bitblaze.cs.berkeley.edu/temu.html.

[8]

SONG D, BRUMLEY D, YIN H. BitBlaze: A new approach to computer security via binary analysis ［C］// Proceedings of 2008 International Conference on Information Systems Security. Berlin: Springer-Verlag, 2008: 1-25.

[9]

WANG T, WEI T, GU G. TaintScope: A checksum-aware directed fuzzing tool for automatic software vulnerability detection ［C］// Proceedings of 2010 IEEE Symposium on Security and Privacy. Piscataway: IEEE, 2010: 497-512.

[10]

LIN Z, JIANG X, XU D. Automatic protocol format reverse engineering through context-aware monitored execution ［C］// Proceedings of 2008 Network and Distributed System Security Symposium. San Diego: The Internet Society Press, 2008: 1-15.

[11]

COMPARETTI P M, WONDRACEK G, KRUEGEL C. Prospex: Protocol specification extraction ［C］// Proceedings of 2009 IEEE Symposium on Security and Privacy. Piscataway: IEEE, 2009: 110-125.

[12]

CABALLERO J, YIN H, LIANG Z. Polyglot: Automatic extraction of protocol message format using dynamic binary analysis ［C］// Proceedings of the 14th ACM Conference on Computer and Communications Security. New York: ACM Press, 2007: 317-329.

基于消息语义解析的软件网络行为分析

Software network behavior analysis based on message semantics analysis

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 8

编辑推荐

Metrics

[1]	刘吉会, 何成万. 基于ECA规则和动态污点分析的SQL注入攻击在线检测[J]. 《计算机应用》唯一官方网站, 2023, 43(5): 1534-1542.
[2]	任玉柱, 张有为, 艾成炜. 污点分析技术研究综述[J]. 计算机应用, 2019, 39(8): 2302-2309.
[3]	罗文塽, 曹天杰. 基于非用户操作序列的恶意软件检测方法[J]. 计算机应用, 2018, 38(1): 56-60.
[4]	李洁, 俞研, 吴家顺. 基于动态污点分析的DOM XSS漏洞检测算法[J]. 计算机应用, 2016, 36(5): 1246-1249.
[5]	曾祥飞, 郭帆, 涂风涛. 基于对象跟踪的J2EE程序动态污点分析方法[J]. 计算机应用, 2015, 35(8): 2386-2391.
[6]	曾诚, 唐永, 朱子龙, 李兵. WordNet应用程序编程接口改进方法及其在Mashup服务发现中的应用[J]. 计算机应用, 2015, 35(11): 3182-3186.
[7]	杜坤凭康绯舒辉孙静. 基于会话关联的软件网络通信行为分析技术[J]. 计算机应用, 2013, 33(07): 2046-2050.
[8]	陈亮郑宁郭艳华徐明胡永涛. 基于Win32 API的未知病毒检测[J]. 计算机应用, 2008, 28(11): 2829-2831.