Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

A vulnerability detection method based on kernel control flow graph cyclic verification

A technology of cyclic verification and control flow graph, which is applied in the computer field, can solve the problems of reduced accuracy of vulnerability detection methods, reduced graph similarity, and graph structure differences, etc.

Active Publication Date: 2019-04-23
INST OF SOFTWARE - CHINESE ACAD OF SCI
View PDF3 Cites 8 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

However, in these methods, if the program under test is modified or re-developed at the program code segment containing the n-day vulnerability, there will be some differences between the vulnerable code segment in the program under test and the graph structure of the original n-day vulnerability. difference
In this case, the similarity of the graph will be reduced, resulting in a decrease in the accuracy of the vulnerability detection method based on the graph structure

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A vulnerability detection method based on kernel control flow graph cyclic verification
  • A vulnerability detection method based on kernel control flow graph cyclic verification
  • A vulnerability detection method based on kernel control flow graph cyclic verification

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0042] Below in conjunction with accompanying drawing, the present invention will be further described.

[0043] Such as figure 1 As shown, the present invention is based on the vulnerability detection method of nuclear control flow graph circular verification, mainly comprising the following steps:

[0044] 1) Collect an n-day vulnerability from the vulnerability information publishing platform, and generate the CCFG of the n-day vulnerability. The process of collecting n-day vulnerabilities and generating the CCFG is as follows: figure 2 As shown, the specific description is as follows:

[0045] 1a) Collect an n-day vulnerability information from the vulnerability information publishing platform, including the vulnerability number, type, project name involved, and the vulnerability code segment involved, go to 1b).

[0046] 1b) Generate the control flow graph of the vulnerability according to the vulnerability code segment of the n-day vulnerability, and mark the control ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention relates to a vulnerability detection method based on kernel control flow graph cyclic verification. The method comprises the steps of 1) generating the CCFG of a n-day vulnerability; 2)generating a to-be-tested program CFG, and searching a core of the vulnerability CCFG in the to-be-tested program CFG; 3) circularly verifying the vulnerability CCFG around the core on the CFG of theprogram to be tested, and calculating the vulnerability rate of the program to be tested; and 4) comparing the vulnerability rate of the to-be-tested program with a threshold value, judging whether the vulnerability exists in the to-be-tested program, positioning the vulnerability according to the position of the candidate vulnerability core, and outputting a vulnerability retrieval report. The invention aims to solve the problem that the n-day vulnerability detection accuracy based on a control flow graph-based vulnerability detection method is not enough, and provides the concept and the technology of kernel control flow graph and cyclic verification and the complete vulnerability detection method based on kernel control flow graph cyclic verification. According to the present invention,the accuracy of the vulnerability mining personnel at the n-day vulnerability is improved, and further the security vulnerability mining capability is improved.

Description

technical field [0001] The invention belongs to the technical field of computers, and in particular relates to a loophole detection method based on cyclic verification of a nuclear control flow graph. Background technique [0002] With the development of the computer industry, computer software has become an integral part of life, and computer systems are widely used in various industries, including medical, education, military, political and new retail and other fields. With the rapid development and popularization of computer systems, software vulnerabilities have become a major problem that threatens the security of computer systems. In the software life cycle, various loopholes appear frequently, which are easy to be exploited by hackers, resulting in property losses. According to data released by MITER, as of November 2018, there were about 109,000 entries in the CVE (Common Vulnerabilities and Exposures, public vulnerability and exposure database), and the number of v...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/57
CPCG06F21/577G06F2221/033
Inventor 段旭吴敬征罗天悦杨牧天倪琛武延军
Owner INST OF SOFTWARE - CHINESE ACAD OF SCI
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products