| 摘 要: 软件受到攻击后将在所执行的系统调用状况中有所体现,因此可将基于系统调用的入侵检测技术应用于软 件漏洞的检测。本文针对无源码的可执行程序,引入系统调用节点和系统调用上下文信息的概念来刻画软件行为的动态 特性和漏洞的位置信息,利用改进的STIDE算法构造软件正常行为特征库来检测并定位漏洞。实验结果表明该方法能够 准确获取软件行为信息,且具有较强的漏洞检测能力。 |
| 关键词: 漏洞检测;行为建模;系统调用短序列;STIDE算法;函数调用链 |
|
中图分类号: TP393.08
文献标识码: A
|
|
| A Study of the Software Vulnerability Detection Method Based on the Short Sequence of System Calls |
|
GE Lixin
|
( Baotou Vocational & Technical College, Baotou 014030, China)
|
| Abstract: After the software is attacked,the influence will be reflected in the status of the executed system call. Therefore,the intrusion detection technology based on system calls can be applied into the detection of software vulnerabilities.In order to analyze the executable program without source code,the concept of the system call node and the context information are introduced to depict the dynamic behavior characteristics of the software and the localization information of the vulnerabilities in this paper.Furthermore,the vulnerabilities can be detected and located by building the normal behavior characteristics library based on the improved STIDE algorithm.The experiment results show that the behavior information of the software can be obtained and the vulnerabilities can be detected accurately by applying the above method. |
| Keywords: vulnerability detection;behavior modeling;the short sequence of system calls;STIDE algorithm;function call chain |
