| In today's complex cyberspace environment, an attacker can craft a variety of malformed input against web applications that lack user authentication and input filtering, causing the program to violate its designer's intent, altering its control flow and ultimately seizing control of the program. This is the most serious security threat web applications currently face. Because injection vulnerabilities are closely tied to how a program receives external input, using taint analysis to detect and eliminate them is a feasible solution in both principle and practice. On this basis, a detection and defense model based on dynamic taint analysis is proposed. By introducing the aspect unit of aspect-oriented programming, the taint analysis process is encapsulated so that these typical cross-cutting concerns are separated from the base-level subsystems, which effectively solves the problem of vulnerability detection code being scattered across and entangled with the business logic modules. The advice (notification) mechanism dynamically loads various detection components to apply repair code at runtime, thereby coping with the typical code injection attacks against web applications, such as SQL injection and cross-site scripting. The prototype system uses the AspectJ language to implement a probe-based web application self-protection framework, which is easy to deploy on the server side alongside Servlet components. The security-specification detection code encapsulated by the aspect is automatically woven into the base-layer subroutines by the weaver, making the approach highly portable to applications written in different programming languages. Comparison experiments verify that this is a low-intrusion, lightweight and efficient method for detecting code injection attacks. It achieves self-protection without modifying the application's execution engine or source code, and effectively defends against 7 known types of SQL injection attack and mainstream cross-site scripting exploit code. Attack samples from selected commercial systems were also used to verify the method's effectiveness in real attack scenarios. Finally, the feasibility of using this method to detect unknown vulnerabilities is analyzed in terms of the underlying vulnerability principles. |
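
The source-and-sink arrangement described above, shown as an added example that is not the paper's prototype: an AspectJ aspect marks servlet request parameters as tainted and checks SQL text before it reaches a JDBC `Statement`. The aspect name `TaintGuard`, the helper `altersStructure`, the choice of pointcuts, the value-matching approximation of taint propagation and the assumption of standard SQL quote escaping (`''`) are all assumptions made for illustration.

```aspectj
import java.util.HashSet;
import java.util.Set;

public aspect TaintGuard {
    // Values read from the request on this thread (the taint sources).
    // Assumes one container thread handles one request at a time.
    private static final ThreadLocal<Set<String>> TAINTED =
            ThreadLocal.withInitial(HashSet::new);

    // Source: request parameters. Sink: SQL text handed to a JDBC Statement.
    pointcut source():
            call(String javax.servlet.ServletRequest+.getParameter(String));
    pointcut sqlSink(String sql):
            call(* java.sql.Statement+.execute*(String, ..)) && args(sql, ..);

    // Record every parameter value the application reads.
    after() returning (String value): source() {
        if (value != null) TAINTED.get().add(value);
    }

    // Refuse the query if a tainted value changes its structure.
    before(String sql): sqlSink(sql) {
        for (String value : TAINTED.get()) {
            if (altersStructure(sql, value))
                throw new SecurityException("tainted input changes SQL structure");
        }
    }

    // Container threads are pooled, so drop the taint set when the handler returns.
    after(): execution(void javax.servlet.http.HttpServlet+.do*(..)) {
        TAINTED.remove();
    }

    // Value matching stands in for full taint propagation (assumption).
    static boolean altersStructure(String sql, String value) {
        if (value.matches("\\w*")) return false;   // plain word: no SQL metacharacters
        int at = sql.indexOf(value);
        if (at < 0) return false;                  // never reached the query verbatim
        // An odd number of quotes before the value means it sits inside a literal.
        long quotesBefore = sql.substring(0, at).chars().filter(c -> c == '\'').count();
        boolean insideLiteral = quotesBefore % 2 == 1;
        // Inside a literal the value is safe only if it cannot close that literal.
        return !insideLiteral || value.replace("''", "").contains("'");
    }
}
```

Because the check lives in the aspect, the servlet and data-access code stay unchanged; the weaver attaches it at compile time or load time.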