autodunt: dynamic latent dependence analysis for detection of zero day vulnerability
文献类型:会议论文
| 作者 | Chen Kai ; Lian Yifeng ; Zhang Yingjun |
| 出版日期 | 2012 |
| 会议名称 | 14th International Conference on Information Security and Cryptology, ICISC 2011 |
| 会议日期 | November 30, 2011 - December 2, 2011 |
| 会议地点 | Seoul, Korea, Republic of |
| 关键词 | Cryptography Personal computing |
| 页码 | 140-154 |
| 中文摘要 | Zero day vulnerabilities have played an important role in cyber security. Since they are unknown to the public and patches are not available, hackers can use them to attack effectively. Detecting software vulnerabilities and making patches could protect hosts from attacks that use these vulnerabilities. But this method cannot prevent all vulnerabilities. Some methods such as address space randomization could defend against vulnerabilities, but they cannot find them in software to help software vendors to generate patches for other hosts. In this paper, we design and develop a proof-of-concept prototype called AutoDunt (AUTOmatical zero Day vUlNerability deTector), which can detect vulnerable codes in software by analyzing attacks directly in virtual surroundings. It does not need any source codes or care about polymorphic/metamorphic shellcode (even no shellcode). We present a new kind of dependence between variables called latent dependence and use it to save necessary states for virtual surrounding replaying. In this way, AutoDunt does not need to use slicing or taint analysis method to find the vulnerable code in software, which saves managing time. We verify the effectiveness and evaluate the efficiency of AutoDunt by testing 81 real exploits and 7 popular applications at the end of this paper. © 2012 Springer-Verlag. |
| 英文摘要 | Zero day vulnerabilities have played an important role in cyber security. Since they are unknown to the public and patches are not available, hackers can use them to attack effectively. Detecting software vulnerabilities and making patches could protect hosts from attacks that use these vulnerabilities. But this method cannot prevent all vulnerabilities. Some methods such as address space randomization could defend against vulnerabilities, but they cannot find them in software to help software vendors to generate patches for other hosts. In this paper, we design and develop a proof-of-concept prototype called AutoDunt (AUTOmatical zero Day vUlNerability deTector), which can detect vulnerable codes in software by analyzing attacks directly in virtual surroundings. It does not need any source codes or care about polymorphic/metamorphic shellcode (even no shellcode). We present a new kind of dependence between variables called latent dependence and use it to save necessary states for virtual surrounding replaying. In this way, AutoDunt does not need to use slicing or taint analysis method to find the vulnerable code in software, which saves managing time. We verify the effectiveness and evaluate the efficiency of AutoDunt by testing 81 real exploits and 7 popular applications at the end of this paper. © 2012 Springer-Verlag. |
| 收录类别 | EI |
| 会议主办者 | National Security Research Institute (NSRI); Electronics and Telecommunications Research Institute (ETRI); Korea Internet and Security Agency (KISA); Ministry of Public Administration and Security (MOPAS) |
| 会议录 | Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
 |
| 语种 | 英语 |
| ISSN号 | 0302-9743 |
| ISBN号 | 9783642319112 |
| 源URL | [http://ir.iscas.ac.cn/handle/311060/15777]  |
| 专题 | 软件研究所_软件所图书馆_会议论文 |
| 推荐引用方式 GB/T 7714 | Chen Kai,Lian Yifeng,Zhang Yingjun. autodunt: dynamic latent dependence analysis for detection of zero day vulnerability[C]. 见:14th International Conference on Information Security and Cryptology, ICISC 2011. Seoul, Korea, Republic of. November 30, 2011 - December 2, 2011. |
入库方式: OAI收割
来源:软件研究所
浏览0
下载0
收藏0
其他版本
除非特别说明,本系统中所有内容都受版权保护,并保留所有权利。