Collection and Classification of Web Attack Traffic Based on PyExZ3
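  • English title: Collection and Classification of Web Attack Traffic based on PyExZ3
  • Authors: 吕诚; 王轶骏; 薛质
  • Authors (English): LV Cheng; WANG Yi-jun; XUE Zhi; School of Electronic Information and Electrical Engineering, Shanghai Jiao Tong University
  • Keywords: Web attack traffic; PyExZ3; Z3; SMT; dynamic symbolic execution
  • English keywords: web attack traffic; PyExZ3; Z3 SMT; dynamic symbolic execution
  • Chinese journal name: TXJS
  • English journal name: Communications Technology
  • Institution: School of Cyberspace Security, Shanghai Jiao Tong University
  • Publication date: 2018-12-10
  • Publisher: Communications Technology (通信技术)
  • Year: 2018
  • Issue: v.51; No.324
  • Funding: National Key R&D Program of China, "Cyberspace Security" key special project (No. 2017YFB0803203)
  • Language: Chinese
  • Pages: TXJS201812025
  • Number of pages: 10
  • CN: 12
  • ISSN: 51-1167/TN
  • Classification number: 149-158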
Abstract
A huge volume of attack traffic on the network constantly threatens the security of Web applications. Collecting and analyzing that attack traffic directly and effectively is very difficult, while collecting it by setting up target machines is time-consuming, laborious and inefficient. To address these problems, symbolic execution is employed. Building on the open-source symbolic execution engine PyExZ3, a loop optimization method and improvements to the basic symbolic execution types are applied to make up for the shortcomings of PyExZ3, so that the improved prototype system can efficiently and reliably analyze the vast majority of Python-based Web attack scripts automatically.