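Authors: 吕小少, 舒辉[1], 康绯[1], 黄宇垚 (LYU Xiao-shao; SHU Hui; KANG Fei; HUANG Yu-yao), State Key Laboratory of Mathematical Engineering and Advanced Computing, Information Engineering University, Zhengzhou 450001, China
Affiliation: [1] State Key Laboratory of Mathematical Engineering and Advanced Computing, Information Engineering University, Zhengzhou 450001
Source: 《计算机科学》 (Computer Science), 2022, No. 12, pp. 353-361, 9 pages in total
Funding: National Key R&D Program of China, "Frontier Science and Technology Innovation Special Project" (2019QY1305).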
Abstract: Hijacking attacks against online software upgrades are among the most common methods of network attack. Program analysis is an important way to evaluate the security of software upgrades quickly and automatically, and rapid reverse localization of the upgrade functions in a program is a key prerequisite for static analysis and for making dynamic analysis more efficient. Traditional reverse localization relies on manual experience, following the cross-reference chains of semantic information such as strings and API functions; it is inefficient and cannot be automated. To solve this problem, the paper proposes a method for locating software upgrade functionality that combines semantic analysis with reverse analysis. First, an upgrade semantic classification model based on natural language processing is built for the semantic information commonly found in software binaries (strings, function names, API functions, etc.). Second, a reverse analysis tool extracts the software's semantic information, and the upgrade semantic classification model identifies the upgrade-related semantic information. Finally, an algorithm is defined that solves for the key nodes of the upgrade functions on the function call relationship graph tree. The paper designs and implements a prototype system for locating online upgrade functionality and applies it to 153 commonly used software programs, 126 of which are located successfully. A preliminary security evaluation of some software upgrades based on the localization results yielded one vulnerability with a CNNVD number and five with CNVD numbers.
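Keywords: online software upgrade; semantic information; text classification model; reverse analysis of binary programs; function localization
Classification number: TP393 [Automation and Computer Technology: Computer Application Technology]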