二进制程序漏洞分析方法研究综述
首发时间:2019-01-14
摘要:软件漏洞挖掘一直是软件安全领域研究的关键问题,目前针对源代码的漏洞分析技术已经相对成熟,但由于二进制代码的设计特点和结构特性与源代码不同,针对源代码的漏洞检测方案无法检测二进制程序存在的安全缺陷。本文将目前已有的针对二进制软件的程序分析方法,分为基于程序文件结构特征的分析方法和基于程序语义特征的分析方法,并着重介绍了针对程序语义信息提取的相关工作。在漏洞检测方面,本文重点介绍了利用机器学习技术进行漏洞检测这一新兴的研究方向,总结了现有工作的同时也指出了在对二进制程序进行漏洞分析的过程中的涉及的关键技术以及发展方向。
For information in English, please click here
A Survey of Research on Binary Program Vulnerability Analysis Methods
Abstract:Software vulnerability detection has always been a key issue in the field of software security. At present, the vulnerability analysis for source code is quite mature, but the design features and structural characteristics of binary code are different from the source code, the vulnerability detection scheme for source code cannot detect binary code. This paper divides the existing program analysis methods of binary code into structure-based and semantics-based, and focuses on the related work of code semantic information extraction. In terms of vulnerability detection, this paper focuses on the emerging research of using machine learning technology for vulnerability detection. We summarizes the existing work and points out the key technologies and developments involved in the vulnerability analysis of binary code.
Keywords: vulnerabilities binary code machine learning
引用
No.****
同行评议
勘误表
二进制程序漏洞分析方法研究综述
评论
全部评论0/1000