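Journal of the Graduate School of the Chinese Academy of Sciences, 2013, Vol. 30, Issue (2): 278-284, 7. DOI: 10.7523/j.issn.1002-1175.2013.02.021
Unknown protocol format analysis and vulnerability discovery based on symbolic expressions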
Automatic network protocol analysis and vulnerability discovery based on symbolic expression
Abstract
Fuzzing is an efficient method for ensuring software security. However, when it is applied to network-based software, the results can be unsatisfactory because the protocol format is not known. To solve this problem, we propose a new protocol analysis technique based on symbolic expressions. We use this technique to translate the crucial code into symbolic expressions and accelerate protocol analysis. In addition, we develop a translation framework that performs automatic protocol format analysis and can export the protocol format to the Peach platform. Finally, we apply our framework to analyze one target (the eyou client) and obtain good results.
Key words
unknown protocol / Fuzzing / symbolic expression / vulnerability discovery
Classification
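Information technology and security science
Cite this article
Luo Cheng, Zhang Yuqing, Wang Long, Liu Qixu. Unknown protocol format analysis and vulnerability discovery based on symbolic expressions [J]. Journal of the Graduate School of the Chinese Academy of Sciences, 2013, 30(2): 278-284, 7.
Funding
Supported by the National Natural Science Foundation of China (61272481) and the China Postdoctoral Science Foundation (2011M500416, 2012T50152)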