Research On Fast Detection Technology Of Software Online Upgrade Vulnerability

With the rapid development of the Internet and software engineering technology,hijacking attack for software online upgrade has become one of the most threatening means for the cyberspace security.Currently,most of the software upgrade vulnerability detection methods focus on manual reverse analysis and upgrade network traffic analysis,and the efficiency is generally low.Since the huge amount of software with upgrade hijacking vulnerability,rapid automatic detection of software upgrade vulnerabilities has become an urgent task.In order to solve the above problems,this thesis researches the software upgrade vulnerability fast detection method based on program reverse analysis.Through the security analysis of software upgrade behavior,the software upgrade vulnerability rapid detection is realized.Firstly,the process and protection mechanism of software upgrade are deeply studied,and the vulnerability classification model of software upgrade is constructed as the support of vulnerability detection.Then,in order to realize the rapid reverse analysis of software upgrade function,the upgrade code in the software is quickly and statically located through the combination of upgrade semantic information and program static analysis.Finally,an automatic vulnerability analysis and detection method based on software upgrade behavior chain analysis is proposed to quickly detect upgrade vulnerabilities.At the same time,a software upgrade vulnerability detection system is designed and implemented on the basis of the previous research,and a certain number of software upgrade vulnerabilities can be quickly detected.The innovations of this paper are as follows:1.Software upgrade vulnerability classification model is built.On the basis of the general process and security mechanism of software upgrade,the vulnerability classification model of software upgrade is defined.According to different stages of software upgrade,software upgrade vulnerability is divided into communication protocol security vulnerability and software upgrade package verification vulnerability.In order to prove the rationality of software upgrade vulnerability model division,the upgrade behavior of software with related vulnerabilities is tracked,and the form of each vulnerability is studied.This model provides a key support for the analysis and detection of upgrade vulnerabilities.2.This thesis proposes a software upgrade function reverse localization method based on semantic information orientation.The reverse positioning of software upgrade function is an important advance for rapid analysis of software upgrade behavior.Natural language processing and machine learning text classification methods are used to build a classification model for software upgrade semantic information and automatically predict the upgrade related semantic information in software.On the basis of the semantic information of upgrade,the program static analysis method is used to reverse the upgrade function in the upgrade program.This method solves the problem of reverse localization of upgrade function in complex software and is an important basis for reverse analysis of software upgrade behavior.3.A fast vulnerability detection method based on software upgrade behavior chain analysis is proposed.Based on the characteristics of software upgrade vulnerability,a vulnerability detection method of software upgrade behavior chain analysis is proposed.Firstly,the software upgrade behavior chain is defined,which contains several nodes of network communication behavior and crypt behavior.Based on the reverse localization of upgrade function,the software upgrade behavior chain is extracted by dynamic and static program analysis method,and then the vulnerabilities of upgrade behavior chain are detected using vulnerability matching rules.Experimental results show that this method can automatically detect upgrade behavior vulnerabilities,and greatly improve the detection speed while ensuring reliability.4.The software upgrade vulnerability analysis and detection system is designed and implemented.The system is mainly composed of static analysis module and dynamic analysis module.The static analysis module carries on the reverse positioning and static extraction of the upgrading behavior of the input software.Dynamic analysis module uses dynamic binary piling and data flow analysis technology to track software upgrade behavior and detect upgrade behavior vulnerabilities according to vulnerability matching rules.In order to verify the ability of the system to quickly detect software upgrade vulnerabilities,a total of 486 software covering 16 categories were collected and installed from the Internet,and 197 software were found to have upgrade vulnerabilities by analysis of the system.Finally,the performance of the system is compared and analyzed in detail,and the results show the reliability and efficiency of the system to detect upgrade vulnerabilities,which proves that the method in this paper can solve the task of rapid detection of software upgrade vulnerabilities well.