计算机工程2016,Vol.42Issue(11):139-146,8.DOI:10.3969/j.issn.1000-3428.2016.11.023
基于符号执行的Python攻击脚本分析平台
Python Attack Script Analysis Platform Based on Symbolic Execution
摘要
Abstract
The traditional static analysis method cannot handle the interaction between the script and the network,and it introduces inaccessible path.The dynamic analysis needs to set up the experimental environment and needs manual analysis.To solve these problems,this paper proposes a Python attack script analysis platform called PyExZ3 +based on symbolic execution.Through the dynamic symbol execution and path exploration of Python script,it can get the input traffic and the corresponding output attack payload,which can realize the automatic analysis of Python attack script. PyExZ3 + uses loop identification and run time solver optimization strategy to improve the path coverage and the efficiency of symbolic execution.Experimental results show that PyExZ3 +has a higher path coverage and execution efficiency compared with the existing symbolic execution tools,such as CHEF and PyExZ3.Besides,PyExZ3 +can dynamically detect the target script’s payload and perform feasible automated analysis efficiently.关键词
符号执行/Python语言/动态分析/测试数据生成/攻击脚本/路径探索Key words
symbolic execution/Python language/dynamic analysis/test data generation/attack script/path exploration分类
信息技术与安全科学引用本文复制引用
邱洋,王轶骏,薛质..基于符号执行的Python攻击脚本分析平台[J].计算机工程,2016,42(11):139-146,8.基金项目
中国信息安全评测中心科研项目(CNITSEC-KY-2013-009/2)。 ()
