An Anti-Vulnerability-Mining Method Based on Code Injection  Cited by: 1

Anti-Fuzzing Approach Using Code Injection


Authors: 武泽慧, 丁文博[1], 袁会杰, 魏强[1], 赵艳 (WU Zehui; DING Wenbo; YUAN Huijie; WEI Qiang; ZHAO Yan) (Information Engineering University, Zhengzhou 450001, China; School of Information Technology, Luoyang Normal University, Luoyang 471934, China)

Affiliations: [1] Information Engineering University, Zhengzhou 450001, Henan, China; [2] School of Information Technology, Luoyang Normal University, Luoyang 471934, Henan, China

Source: Journal of Information Engineering University (《信息工程大学学报》), 2020, No. 6, pp. 728-734 (7 pages)

Funding: Henan Province Science and Technology Research Project (192102210128, 212102310991); Henan Province Key Research Project of Higher Education Institutions (21A413001).

Abstract: Among the many vulnerability mining techniques in use today, fuzzing-based techniques are the most widely applied and deliver the most significant results in practice. To counter this class of techniques, this paper proposes an anti-vulnerability-mining method based on code injection. First, static analysis identifies the target program's import and export tables and its low- and high-frequency paths, and establishes the call relationships; the target program is then converted into a uniform intermediate representation; finally, pre-designed pseudocode blocks are injected into the functions on the low- and high-frequency paths respectively. The injected pseudocode blocks serve three purposes: lowering the fuzzer's execution efficiency, blocking exception monitoring, and interfering with coverage statistics, thereby countering vulnerability mining. Validation tests using a public test set and mainstream fuzzers show that the method effectively reduces fuzzer execution efficiency and disrupts the coverage-feedback and exception-capture mechanisms, while the additional load imposed on normal users remains within an acceptable range.

English abstract: Fuzzing is the most widely used core technology in vulnerability detection and has the most substantial detection ability. However, this technology also brings opportunities for attackers to exploit systems. Attackers can use fuzzing to discover and detect 0-day vulnerabilities to attack and destroy the system. In order to address this problem, we propose an anti-vulnerability detection method, based on code injection, that helps developers protect released, binary-only software from attackers who are capable of applying state-of-the-art fuzzing techniques. First, we identify the import and export tables and the low- or high-frequency paths, using static data flow and control flow analysis to explore method call relations correctly. Second, we turn the target program into a uniform intermediate representation. Furthermore, pseudocode blocks are injected into the low- and high-frequency paths, respectively. Finally, we generate different code obfuscation on the cross-architecture platform to reduce fuzzing efficiency. The injected pseudocode blocks can reduce the execution efficiency of fuzzing, block the monitoring of exceptions, and interfere with code coverage. We apply the method on the public test dataset and state-of-the-art fuzzers to evaluate its effectiveness. Our evaluation demonstrates that our technique effectively impedes fuzzing audits while introducing a negligible performance overhead. It effectively reduces the number of discovered paths and decreases the number of identified crashes from real-world binaries.

Keywords: software security; vulnerability mining; fuzzing; code injection

Classification: TP393 [Automation and Computer Technology: Computer Application Technology]
