Research and Implementation of an Improved Patch Comparison Technique Model

Cited by: 2
Abstract: Patch comparison locates the differences between a program before and after patching, and is widely used in areas such as vulnerability discovery and malware variant analysis. Building on structural comparison, this paper establishes a hierarchical patch comparison model, IPCTM (Improved Patch Comparison Technique Model). It improves the fixed-point propagation algorithm by proposing a correction mechanism for erroneous matches, designs control-flow-graph reconstruction and code-assisted matching strategies, and adds supplementary handling for unmatched functions and basic blocks. Experimental results show that IPCTM accurately identifies semantic changes, eliminates part of the error introduced by non-semantic changes, and effectively reduces the workload of subsequent analysis.
Source: Journal of Nanjing University of Posts and Telecommunications: Natural Science Edition (PKU Core journal), 2012, No. 2, pp. 75-83, 113 (10 pages)
Funding: Supported by the Natural Science Foundation of Jiangsu Province (BK2010132)
Keywords: patch comparison; fixed-point propagation; graph isomorphism; backtracking search
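About the authors:
Pan Yao (潘瑶, b. 1987), male, from Wuhu, Anhui. PhD candidate at the Institute of Command Automation, PLA University of Science and Technology. Research interests: vulnerability discovery and protocol reverse analysis. Corresponding author: Pan Fan (潘璠); Tel: (025) 80824536; E-mail: fanpan1987@gmail.com
Wu Lifa (吴礼发, b. 1968), male, from Qichun, Hubei. Professor and doctoral supervisor at the Institute of Command Automation, PLA University of Science and Technology.
Sun Chuanlu (孙传鲁, b. 1982), male, from Jinan, Shandong. Master's student at the Institute of Command Automation, PLA University of Science and Technology. Research interest: vulnerability discovery.
Li Huabo (李华波, b. 1981), male, from Gong'an, Hubei. Lecturer and PhD candidate at the Institute of Command Automation, PLA University of Science and Technology. Research interest: network security.
Hong Zheng (洪征, b. 1979), male, from Nanchang, Jiangxi. Associate professor, PhD, at the Institute of Command Automation, PLA University of Science and Technology. Research interest: network security.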