CN111949984A - Vulnerability defense method and electronic device - Google Patents

Vulnerability defense method and electronic device

Info

Publication number: CN111949984A
Application number: CN202010856660.5A
Authority: CN (China)
Prior art keywords: target program, program, program data, vulnerability, module
Legal status (as listed by Google Patents; an assumption, not a legal conclusion): Granted; Active
Other languages: Chinese (zh)
Other versions: CN111949984B (en)
Inventor: 庄新豪
Current assignee (as listed; may be inaccurate): Beijing Topsec Technology Co Ltd; Beijing Topsec Network Security Technology Co Ltd; Beijing Topsec Software Co Ltd
Original assignee: Beijing Topsec Technology Co Ltd; Beijing Topsec Network Security Technology Co Ltd; Beijing Topsec Software Co Ltd
Events: application filed by Beijing Topsec Technology Co Ltd, Beijing Topsec Network Security Technology Co Ltd and Beijing Topsec Software Co Ltd; priority to CN202010856660.5A; publication of CN111949984A; application granted; publication of CN111949984B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F 21/55 Detecting local intrusion or implementing counter-measures
    • G06F 21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F 21/566 Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities

Abstract

Embodiments of this application provide a vulnerability defense method and an electronic device. The method comprises: constructing a mimicry defense architecture comprising an input agent module, a heterogeneous task pool, a negative feedback control module and an aggregation and arbitration module; inputting target program data into the input agent module; the heterogeneous task pool compiling the received target program data in multiple languages to form multiple program segments and processing those segments into multiple independently running executor tasks; the aggregation and arbitration module obtaining the execution results of the executor tasks and determining, from those results, the target program segment that will give rise to a vulnerability; and the negative feedback control module eliminating that target program segment. The method applies a mimicry transformation to the interior of the program so that the program data is changed: vulnerabilities are defended against actively, function base addresses become harder to locate, and the program's defensive capability is improved.

Description

Vulnerability defense method and electronic device
Technical Field
Embodiments of this application relate to the field of network defense, and in particular to a vulnerability defense method and an electronic device.
Background
In network security, software vulnerability analysis is a critical link, and among the many vulnerability types the buffer overflow is the most common. Buffer overflows are divided into stack overflows and heap overflows according to where the buffer lies. A stack buffer overflow occurs when more data is written into a program buffer than the buffer can hold, so that the program's stack is corrupted and the program ends up executing data constructed by an attacker, who thereby runs malicious code.
While a software system is running, stack overflow is a major cause of instability, and because it shows up only intermittently the root cause is often hard to find, which makes the length of a product's development cycle uncertain. When analysing the cause of a vulnerability it is essential to locate the point where it occurs quickly. If the function call that causes a buffer overflow is called the overflow function, locating the overflow function is decisive.
An existing method for preventing stack overflow vulnerabilities comprises: intercepting a pop (stack-out) instruction; retrieving the push (stack-in) instruction corresponding to that pop instruction; judging whether the stack data of the pop instruction and of the push instruction are consistent; and handling the pop instruction according to the result of that judgement. Concretely, the method records function call base addresses and decides whether a stack overflow attack has occurred by comparing the function base address before and after the call. Stack overflow detection is performed by a separate detection module, so if the detection module itself suffers a stack overflow the attack cannot be defended against; and the comparison is likewise defeated when the recorded function base addresses themselves change between the before-call and after-call records.
Disclosure of Invention
This application provides a vulnerability defense method that applies a mimicry transformation to the interior of a program so as to change the program data, thereby defending against vulnerabilities actively and making function base addresses harder to locate, together with an electronic device that applies the method.
To solve the above technical problem, an embodiment of this application provides a vulnerability defense method, comprising:
constructing a mimicry defense architecture comprising an input agent module, a heterogeneous task pool, a negative feedback control module and an aggregation and arbitration module;
inputting target program data into the input agent module;
the heterogeneous task pool compiling the received target program data in multiple languages to form multiple program segments, and processing the program segments into multiple independently running executor tasks;
the aggregation and arbitration module obtaining the execution results of the executor tasks and determining, from those results, the target program segment that will produce a vulnerability; and
the negative feedback control module eliminating the target program segment.
Preferably, inputting the target program data into the input agent module comprises:
determining, within the program data, the target program data whose probability of causing a vulnerability meets a threshold; and
inputting that target program data into the input agent module.
Preferably, the method further comprises:
the input agent module copying the target program data several times and sending the copies to the heterogeneous task pool;
and the heterogeneous task pool compiling the received target program data in multiple languages to form multiple program segments, and processing the program segments into multiple independently running executor tasks, comprises:
processing each copy of the target program data into n independent program segments;
compiling the n independent program segments in each of m languages; and
combining the compiled program segments to form m^n executor tasks, and constructing a corresponding program stack frame for each executor task so that each executor task runs on its own program stack frame.
Preferably, the aggregation and arbitration module obtaining the execution results of the executor tasks and determining, from those results, the target program segment that will produce a vulnerability comprises:
determining, from the execution results, that a program segment which fails to execute within a preset time is a target program segment that will produce a vulnerability;
marking the target program segment and sending the mark to the negative feedback control module; and
outputting the execution results of the executor tasks that succeeded.
Preferably, the negative feedback control module adjusting and eliminating the target program segment comprises:
eliminating the target program segment from the heterogeneous task pool on the basis of the received mark.
Preferably, the method further comprises:
the negative feedback control module scheduling one or more program segments in the heterogeneous task pool to cooperate in executing a data processing task.
Another embodiment of the present invention further provides an electronic device, comprising:
an input agent module for receiving target program data;
a heterogeneous task pool for compiling the received target program data in multiple languages to form multiple program segments and processing the program segments into multiple independently running executor tasks;
an aggregation and arbitration module for obtaining the execution results of the executor tasks and determining, from those results, the target program segment that will produce a vulnerability; and
a negative feedback control module for eliminating the target program segment.
Preferably, the input agent module is further configured to determine, within the program data, the target program data whose probability of causing a vulnerability meets a threshold, and to take that target program data as its input.
Preferably, the input agent module is further configured to copy the target program data several times and send the copies to the heterogeneous task pool;
and the heterogeneous task pool is further configured to process each copy of the target program data into n independent program segments, compile the n independent program segments in each of m languages, combine the compiled program segments to form m^n executor tasks, and construct a corresponding program stack frame for each executor task so that each runs on its own program stack frame.
Preferably, the aggregation and arbitration module is further configured to determine, from the execution results, that a program segment which fails to execute within a preset time is a target program segment that will produce a vulnerability; to mark the target program segment and send the mark to the negative feedback control module; and to output the execution results of the executor tasks that succeeded.
From the above embodiments it can be seen that this application has the following beneficial effect: by applying a mimicry transformation to the target program data within the program data, a program segment that may produce a vulnerability can be found and deleted and the original program data is changed, which not only reduces the risk of the program data producing a vulnerability but, because the program data has changed, also changes the function base addresses, making them harder to locate and further improving the program data's own resistance to vulnerabilities.
Drawings
Fig. 1 is a flowchart of a vulnerability defense method in an embodiment of the present invention.
FIG. 2 is a flowchart illustrating the operation of target program data after entering the mimicry defense architecture according to an embodiment of the present invention.
FIG. 3 is a block diagram of an electronic device according to the present invention.
Detailed Description
Specific embodiments of the present application will be described in detail below with reference to the accompanying drawings, but the present application is not limited thereto.
It will be understood that various modifications may be made to the embodiments disclosed herein. The following description is, therefore, not to be taken in a limiting sense, but is made merely as an exemplification of embodiments. Other modifications will occur to those skilled in the art within the scope and spirit of the disclosure.
The accompanying drawings, which are incorporated in and constitute a part of the specification, illustrate embodiments of the disclosure and, together with a general description of the disclosure given above, and the detailed description of the embodiments given below, serve to explain the principles of the disclosure.
These and other characteristics of the present application will become apparent from the following description of preferred forms of embodiment, given as non-limiting examples, with reference to the attached drawings.
It should also be understood that, although the present application has been described with reference to some specific examples, a person of skill in the art shall certainly be able to achieve many other equivalent forms of application, having the characteristics as set forth in the claims and hence all coming within the field of protection defined thereby.
The above and other aspects, features and advantages of the present disclosure will become more apparent in view of the following detailed description when taken in conjunction with the accompanying drawings.
Specific embodiments of the present disclosure are described hereinafter with reference to the accompanying drawings; however, it is to be understood that the disclosed embodiments are merely examples of the disclosure, which may be embodied in various forms. Well-known and/or repeated functions and structures have not been described in detail so as not to obscure the present disclosure with unnecessary detail. Therefore, specific structural and functional details disclosed herein are not to be interpreted as limiting, but merely as a basis for the claims and as a representative basis for teaching one skilled in the art to variously employ the present disclosure in virtually any appropriately detailed structure.
The specification may use the phrases "in one embodiment," "in another embodiment," "in yet another embodiment," or "in other embodiments," which may each refer to one or more of the same or different embodiments in accordance with the disclosure.
Hereinafter, embodiments of the present application will be described in detail with reference to the accompanying drawings.
As shown in fig. 1 and fig. 2, an embodiment of the present invention provides a vulnerability defense method, comprising:
constructing a mimicry defense architecture comprising an input agent module, a heterogeneous task pool, a negative feedback control module and an aggregation and arbitration module;
inputting target program data into the input agent module;
the heterogeneous task pool compiling the received target program data in multiple languages to form multiple program segments, and processing the program segments into multiple independently running executor tasks;
the aggregation and arbitration module obtaining the execution results of the executor tasks and determining, from those results, the target program segment that will produce a vulnerability; and
the negative feedback control module eliminating the target program segment.
From the above embodiment it can be seen that this application has the following beneficial effect: by applying a mimicry transformation to the target program data within the program data, a program segment that may produce a vulnerability can be found and deleted and the original program data is changed, which not only reduces the risk of the program data producing a vulnerability but, because the program data has changed, also changes the function base addresses, making them harder to locate and further improving the program data's own resistance to vulnerabilities. In addition, the method of this embodiment differs from the earlier method for preventing attacks such as stack overflow: rather than walking the stack and comparing whether the function base address before and after a call is the same, it modifies the program's internal data architecture to construct dynamically redundant program stack frames (a program stack frame being the space in which a program segment executes, as described below), so the stack frames become more complex and attacks such as stack overflow are resisted.
Specifically, inputting the target program data into the input agent module in this embodiment comprises:
determining, within the program data, the target program data whose probability of causing a vulnerability meets a threshold; and
inputting that target program data into the input agent module.
Alternatively, the data of a critical portion of the program data may be designated as the target program data. The remaining program data may be given the same mimicry transformation, that is, also fed into the input agent module for screening and transformation, or it may be left untransformed to reduce the data processing load; the choice can be made according to factors such as the importance of the program content and the degree of association between the remaining program data and the target program data.
Further, the method in this embodiment further comprises:
the input agent module copying the target program data several times and sending the copies to the heterogeneous task pool;
and the heterogeneous task pool compiling the received target program data in multiple languages to form multiple program segments, and processing the program segments into multiple independently running executor tasks, comprises:
processing each copy of the target program data into n independent program segments;
compiling the n independent program segments in each of m languages; and
combining the compiled program segments to form m^n executor tasks, and constructing a corresponding program stack frame for each executor task so that each executor task runs on its own program stack frame.
For example, the input agent module makes several copies of the received target program data, the copies being mutually independent and isolated, and then sends them to the heterogeneous task pool for processing. In a concrete application the input agent module may receive the target program data directly, or it may receive all of the program data and analyse it to obtain the target program data, or select the target program data from the whole according to a user instruction, a preset instruction or the like. After receiving the data from the input agent module, the heterogeneous task pool divides each copy of the target program data into several mutually independent program segments and then compiles the program segments belonging to the same copy in the same programming language, with program segments belonging to different copies compiled in different languages. The heterogeneous task pool then freely combines the compiled program segments that belong to the same group to form several executor tasks and at the same time constructs a corresponding program stack frame for each of them; the type of a program stack frame is not fixed and can be chosen according to parameters such as the size and position of the intended execution space. For example, with m programming languages in total and n program segments belonging to the same piece of target program data, the combinations yield m^n executor tasks.
That is, the heterogeneous task pool in this embodiment is able to schedule the heterogeneous program segments at random to complete the data processing jointly, or to complete it separately and independently; after a task is completed the heterogeneous task pool sends each processing result to the aggregation and arbitration module, and once the results have been sent all resources occupied by the task, such as storage space, are released. The executor tasks in this embodiment are independent of one another and do not interact, so when one executor task becomes abnormal the others are unaffected and the final execution result of the target program data is unaffected; tolerance of stack overflow and other vulnerability attacks is thereby greatly enhanced and the defensive capability of the program data improved.
Further, the aggregation and arbitration module in this embodiment obtaining the execution results of the executor tasks and determining, from those results, the target program segment that will produce a vulnerability comprises:
determining, from the execution results, that a program segment which fails to execute within a preset time is a target program segment that will produce a vulnerability;
marking the target program segment and sending the marking information to the negative feedback control module; and
outputting the execution results of the executor tasks that succeeded.
For example, the aggregation and arbitration module receives the execution results and arbitrates over them: a program segment that cannot complete within the unit time and fails to execute is marked as a target program segment that produces an abnormal vulnerability, the marking information is passed to the negative feedback control module, and the remaining execution results are passed on to the subsequent execution flows of other defense programs.
After the negative feedback control module receives the information sent by the aggregation and arbitration module, it adjusts and eliminates the target program segment, which comprises:
eliminating the target program segment from the heterogeneous task pool on the basis of the received marking information.
That is, the negative feedback control module determines, from the marking information, which target program segment in the heterogeneous task pool is to be eliminated and then eliminates it, preventing harm from an executor task carrying a vulnerability such as a stack overflow. Moreover, the target program data was divided and program stack frames were added at the earlier stage, and now the bad program segments are eliminated and the program stack frames change again; the complexity of the stack frames is greatly increased and function base addresses are not easy to locate, so the program's ability to resist attacks such as stack overflow is greatly strengthened.
Further, this embodiment further comprises:
the negative feedback control module scheduling one or more program segments in the heterogeneous task pool to cooperate in executing the data processing task.
In this embodiment, not only can the heterogeneous task pool schedule its internal program segments to execute tasks, but the negative feedback control module can also direct the heterogeneous task pool to dynamically select one or more heterogeneous program segments to provide the data processing service, so that the execution of the data processing task can be adjusted by the negative feedback control module on the basis of the arbitration result, further ensuring the overall operational safety of the program data.
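The loop described above (copy the target data, split it into n segments, compile each in m languages, combine into m^n executor tasks, arbitrate by deadline, feed the marks back into the pool) as a small runnable simulation. This is an added example written for this page, not code from the patent or from Topsec. Everything in it is constructed for illustration: the three "languages" are stand-in Python functions rather than real toolchains, the target program data is a length-prefixed record with a two-segment pipeline (parse, then checksum), the "c" variant of segment 0 is deliberately built with an unchecked fixed buffer so that an overlong record makes it hang past the preset time, and the deadline value is arbitrary. The majority vote among surviving executors is also an assumption of the example; the patent text only says the successful results are output.

```python
import itertools
import time
from collections import Counter
from concurrent.futures import ThreadPoolExecutor
from functools import reduce

# Constructed parameters: m = 3 "languages", n = 2 segments, preset time in seconds.
LANGUAGES = ("c", "go", "rust")
N_SEGMENTS = 2
PRESET_TIME = 0.5
BUF_LEN = 16  # fixed buffer size in the constructed faulty variant

def parse_record(data: bytes) -> bytes:
    """Segment 0, sound version: length-prefixed record -> payload."""
    length = data[0]
    if length > len(data) - 1:
        raise ValueError("truncated record")
    return data[1:1 + length]

def parse_record_faulty(data: bytes) -> bytes:
    """Segment 0, constructed 'c' variant with an unchecked fixed buffer. An
    overlong record stands in for a smashed stack frame: the executor hangs past
    the preset time and then dies, so the arbiter never sees its result."""
    if data[0] > BUF_LEN:
        time.sleep(PRESET_TIME * 3)
        raise RuntimeError("stack smashed")
    return parse_record(data)

def checksum_loop(payload: bytes) -> int:
    """Segment 1, one of three equivalent implementations (see IMPLS)."""
    acc = 0
    for b in payload:
        acc = (acc + b) & 0xFF
    return acc

# IMPLS[(segment, language)]: the m*n compiled program segments held by the pool.
IMPLS = {
    (0, "c"): parse_record_faulty,
    (0, "go"): parse_record,
    (0, "rust"): parse_record,
    (1, "c"): lambda p: sum(p) & 0xFF,
    (1, "go"): checksum_loop,
    (1, "rust"): lambda p: reduce(lambda acc, b: (acc + b) & 0xFF, p, 0),
}

def build_pool(languages=LANGUAGES, n_segments=N_SEGMENTS):
    """Heterogeneous task pool: one executor per assignment of a language to each
    segment, i.e. m**n executors, each a tuple of languages indexed by segment."""
    return list(itertools.product(languages, repeat=n_segments))

def run_executor(combo, data, progress):
    """Run one executor's segments in sequence; progress[combo] records the segment
    currently running so a timeout can be charged to a (segment, language) pair."""
    value = data
    for seg, lang in enumerate(combo):
        progress[combo] = (seg, lang)
        value = IMPLS[(seg, lang)](value)
    progress[combo] = None  # finished cleanly
    return value

def arbitrate(pool, data, preset_time=PRESET_TIME):
    """Aggregation and arbitration: run every executor independently, mark the
    segment of any executor that raises or misses the deadline, and return the
    majority result of the executors that succeeded (the vote is this example's
    assumption; the patent only says successful results are output)."""
    progress = {combo: (0, combo[0]) for combo in pool}
    marks, outcomes = set(), []
    ex = ThreadPoolExecutor(max_workers=max(1, len(pool)))
    futures = [(c, ex.submit(run_executor, c, data, progress)) for c in pool]
    deadline = time.monotonic() + preset_time
    for combo, fut in futures:
        try:
            outcomes.append(fut.result(timeout=max(0.0, deadline - time.monotonic())))
        except Exception:  # includes the futures TimeoutError
            marks.add(progress[combo])
    ex.shutdown(wait=False)  # hung executors are abandoned, not waited for
    result = Counter(outcomes).most_common(1)[0][0] if outcomes else None
    return result, marks

def negative_feedback(pool, marks):
    """Eliminate every executor that contains a marked program segment."""
    return [c for c in pool if not any((s, lang) in marks for s, lang in enumerate(c))]

def demo():
    """Benign then hostile target data; returns (result, marks, pool size) per round."""
    pool = build_pool()
    benign = bytes([5]) + b"hello"      # constructed record, fits BUF_LEN
    hostile = bytes([40]) + b"A" * 40   # constructed record, overflows BUF_LEN
    out = {"executors": len(pool)}
    for name, data in (("benign", benign), ("hostile", hostile), ("recheck", hostile)):
        result, marks = arbitrate(pool, data)
        pool = negative_feedback(pool, marks)  # feed the marks back into the pool
        out[name] = (result, marks, len(pool))
    return out

if __name__ == "__main__":
    print(demo())
```

Running it shows nine executors for the benign record, the three executors that contain the "c" parser missing the deadline on the overlong record and being charged to segment (0, "c"), and a pool of six that returns the same checksum on the next pass of the same hostile input without any further marks. The attribution rule is the point to notice: the arbiter only sees that an executor failed, and it is the progress record of which segment that executor was running at the deadline that turns "an executor failed" into "this program segment is the target"; a real system would take that from the crashed executor's stack frame or last checkpoint rather than from a shared dictionary.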
As shown in fig. 3, another embodiment of the present invention also provides an electronic device, comprising:
an input agent module for receiving target program data;
a heterogeneous task pool for compiling the received target program data in multiple languages to form multiple program segments and processing the program segments into multiple independently running executor tasks;
an aggregation and arbitration module for obtaining the execution results of the executor tasks and determining, from those results, the target program segment that will produce a vulnerability; and
a negative feedback control module for eliminating the target program segment.
Based on the disclosure of the above embodiment, it can be known that the embodiment of the present application has the beneficial effects that by performing mimicry transformation on the target program data in the program data, a program segment that may generate a bug in the target program data can be found and deleted, and the original program data is changed, so that not only is the risk of generating a bug in the program data reduced, but also due to the change of the program data, a function base address is changed, the positioning difficulty is enhanced, and the capability of the program data itself against the bug is further improved. In addition, the method of the embodiment of the present application is different from the previous method for preventing attacks such as stack overflow vulnerability, and the method does not adopt a way of stack backtracking and comparing whether function base addresses before and after calling are the same, but constructs a dynamically redundant program stack frame (the program stack frame is a space for executing a program segment, which is described below) by modifying a program internal data architecture, so that the program stack frame becomes more complex, and thus the attacks such as stack overflow vulnerability are resisted.
Further, the input agent module in this embodiment is further configured to determine target program data in the program data, where a probability of causing a vulnerability satisfies a threshold, and input the target program data into the input agent module. Alternatively, it may be determined that data of a critical portion in the program data is target program data. And the rest program data can be subjected to mimicry transformation in the same way, namely, the rest program data is also input into the input agent module for screening and transformation or is not subjected to mimicry transformation, so that the data processing load is reduced, and the data processing load can be determined according to factors such as the importance degree of the program content, the degree of association between the rest program data and the like.
Further, the input agent module in this embodiment is further configured to copy multiple copies of the target program data, and send the copies to the heterogeneous task pool;
the heterogeneous task pool is also used for processing each copied target program data to form n independent program segments; compiling the n independent program segments based on the m languages respectively; combining the compiled program segments to form mnThe individual executiveAnd constructing corresponding program stack frames to run corresponding executive tasks based on the program stack frames.
For example, the input agent module copies a plurality of copies of the received target program data, the target program data of the plurality of copies being independent of each other and isolated, and then the input agent module sends the data to the heterogeneous task pool to be processed by the heterogeneous task pool. When the method is applied specifically, the input agent module can directly receive target program data or receive all program data, and then the input agent module analyzes and processes all program data to obtain the target program data, or determines the target program data from all program data according to a user instruction, a preset instruction and the like. Furthermore, after receiving the data transmitted by the input agent module, the heterogeneous task pool divides each target program data into a plurality of mutually independent program segments, and then compiles the program segments belonging to the same target program data based on the same programming language, wherein the compiling languages of the program segments belonging to different target program data are different. And then the heterogeneous task pool freely combines the compiled program segments belonging to the same group to form a plurality of executive tasks, and correspondingly constructs a plurality of program stack frames, wherein the types of the program stack frames are not unique, and can be specifically determined according to parameters such as the size, the position and the like of a proposed execution space. For example, a total of m programming languages, where n program segments belong to the same piece of target program data, may be combined to form mnIndividual executive tasks. 
That is, the heterogeneous task pool in this embodiment has the capability of randomly scheduling each heterogeneous program segment to complete data processing together, or independently complete data processing separately, and after the task is completed, the heterogeneous task pool sends each processing result to the summary and arbitration module, and after the task is sent, all resources occupied by the current task, such as storage space, are released. In this embodiment, the multiple executable tasks are independent of each other, there is no interaction between the executable tasks, and when a certain executable task is abnormal, there is no influence on other executable tasks, and there is no influence on the final execution result of the target program data, so that the influence on the target program data is greatly enhancedTolerance of stack overflow and other vulnerability attacks improves the defense capability of program data.
Further, the summary arbitration module in this embodiment is further configured to determine, based on the execution result, that a program segment that fails to be executed within a preset time is a target program segment that will generate a vulnerability; marking the target program segment and sending the mark to a negative feedback control module; and outputting an execution result of successful execution.
For example, the summary arbitration module receives the execution results, arbitrates them, marks any program segment that fails to execute within the unit time as a target program segment that produces a vulnerability, transmits the marking information to the negative feedback control module, and then passes the remaining execution results on to the subsequent execution flows of other defense programs.
After the negative feedback control module receives the information sent by the summary arbitration module, it adjusts and eliminates the target program segment; this comprises the following step:
the target program segment is eliminated from the heterogeneous task pool based on the received marker information.
Namely, the negative feedback control module determines, based on the marking information, which target program segment in the heterogeneous task pool is to be eliminated, and then eliminates it so that an executive task carrying a vulnerability such as a stack overflow can do no further harm. In addition, because the target program data was divided in the earlier stage and program stack frames were added, and because faulty program segments are now eliminated, the program stack frames change; this greatly increases the complexity of the program stack frames and makes function base addresses hard to locate, so the program's ability to resist vulnerability attacks such as stack overflow is greatly enhanced.
Further, in this embodiment, the negative feedback control module is further configured to schedule one or more program segments in the heterogeneous task pool to cooperate with the execution of the data processing task.
In this embodiment, not only the heterogeneous task pool can schedule the internal program segments to execute the tasks, but also the negative feedback control module in this embodiment can schedule the heterogeneous task pool to dynamically select one or more heterogeneous program segments to provide the data processing service, so that the execution of the data processing task can be adjusted by the negative feedback control module based on the decision result, and the overall operation safety of the program data is further ensured.
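The loop described above (m^n executives built from n segments in m variants, arbitration under a deadline, negative feedback eliminating the faulty segment) as an added toy model in Python; this is not the patent's code. It assumes plain Python callables standing in for the separately compiled program segments, and a variant that overflows its own stack as the constructed failure case.

```python
import itertools
from collections import Counter
from concurrent.futures import ThreadPoolExecutor

# Constructed sample pool (assumption): n = 2 program segments, each compiled in
# m = 2 "languages". Plain Python callables stand in for the compiled variants.
def seg1_v1(x): return x + 1
def seg1_v2(x): return x + 1
def seg2_v1(x): return x * 2
def seg2_v2(x):                 # faulty variant: unbounded recursion stands in
    return seg2_v2(x)           # for an executive that overflows its stack

POOL = {"seg1": {"v1": seg1_v1, "v2": seg1_v2},
        "seg2": {"v1": seg2_v1, "v2": seg2_v2}}

def build_executives(pool):
    """Heterogeneous task pool: one executive per variant combination, m**n in all."""
    names = sorted(pool)
    return [dict(zip(names, combo))
            for combo in itertools.product(*(sorted(pool[s]) for s in names))]

def run_executive(pool, choice, data):
    """Run one executive's segments in order; any exception is a failed execution."""
    for seg in sorted(choice):
        data = pool[seg][choice[seg]](data)
    return data

def arbitrate(pool, data, timeout=1.0):
    """Summary/arbitration module: run every executive in isolation under a deadline,
    output the majority result and mark the variants that only failed executives used."""
    executives = build_executives(pool)
    good, failed_items, results = set(), set(), []
    with ThreadPoolExecutor(max_workers=len(executives)) as ex:
        futures = [(c, ex.submit(run_executive, pool, c, data)) for c in executives]
        for choice, fut in futures:
            try:
                results.append(fut.result(timeout=timeout))  # timeout or crash -> failed
                good |= set(choice.items())
            except Exception:
                failed_items |= set(choice.items())
    majority = Counter(results).most_common(1)[0][0] if results else None
    return majority, failed_items - good    # marks sent to negative feedback control

def negative_feedback(pool, marked):
    """Negative feedback control: eliminate the marked variants from the pool."""
    return {seg: {v: f for v, f in vs.items() if (seg, v) not in marked}
            for seg, vs in pool.items()}

if __name__ == "__main__":
    result, marked = arbitrate(POOL, 5)
    print(result, marked)                                  # 12 {('seg2', 'v2')}
    print(arbitrate(negative_feedback(POOL, marked), 5))   # (12, set())
```

With the constructed pool the four executives split two good, two failed; only the variant common to the failures is marked, and after elimination the remaining two executives agree with no marks.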
The above embodiments are only exemplary embodiments of the present application, and are not intended to limit the present application, and the protection scope of the present application is defined by the claims. Various modifications and equivalents may be made by those skilled in the art within the spirit and scope of the present application and such modifications and equivalents should also be considered to be within the scope of the present application.

Claims (10)

1. A vulnerability defense method, comprising:
constructing a mimicry defense architecture which comprises an input agent module, a heterogeneous task pool, a negative feedback control module and a gathering and judging module;
inputting target program data into the input agent module;
the heterogeneous task pool compiles the received target program data based on multiple languages to form multiple program segments respectively, and processes the multiple program segments to form multiple independently-operated executive tasks;
the collecting and judging module obtains the execution results of the multiple executive tasks and determines a target program segment which will generate a vulnerability based on the execution results;
the negative feedback control module eliminates the target program segment.
2. The method of claim 1, wherein said entering target program data into said input agent module comprises:
determining target program data with the probability of causing a vulnerability to meet a threshold value in the program data;
and inputting the target program data into the input agent module.
3. The method of claim 1, further comprising:
the input agent module copies a plurality of copies of the target program data and sends the copies to the heterogeneous task pool;
the heterogeneous task pool compiles the received target program data based on multiple languages to form multiple program segments respectively, processes the multiple program segments to form multiple independently-operated executive tasks, and comprises:
processing each copied target program data to form n independent program segments;
compiling the n independent program segments based on m languages respectively;
combining the compiled program segments to form m^n executive body tasks, and constructing a corresponding program stack frame for each executive body task so as to run the corresponding executive body task based on each program stack frame.
4. The method of claim 1, wherein the aggregate arbitration module obtains execution results of the plurality of executive tasks and determines a target program segment that will produce a vulnerability based on the execution results, comprising:
determining a program segment which fails to be executed within preset time as a target program segment which will generate a vulnerability based on the execution result;
marking the target program segment and sending the marking information to the negative feedback control module;
and outputting the execution result of successful execution.
5. The method of claim 4, wherein the negative feedback control module adjusts the target program segment to be eliminated, comprising:
eliminating the target program segment from the heterogeneous task pool based on the received tag information.
6. The method of claim 1, further comprising:
and the negative feedback control module schedules one or more program segments in the heterogeneous task pool to cooperate with execution of a data processing task.
7. An electronic device, comprising:
the input agent module is used for receiving target program data;
the heterogeneous task pool is used for compiling the received target program data respectively based on multiple languages to form multiple program segments and processing the multiple program segments to form multiple independently-operated executive body tasks;
the summary judgment module is used for obtaining the execution results of the multiple executive tasks and determining a target program segment which will generate a vulnerability based on the execution results;
and the negative feedback control module is used for eliminating the target program segment.
8. The electronic device of claim 7, wherein the input agent module is further configured to determine target program data in the program data that results in a probability of a vulnerability meeting a threshold, and input the target program data into the input agent module.
9. The electronic device of claim 7, wherein the input agent module is further configured to copy multiple copies of the target program data and send the copies to the heterogeneous task pool;
the heterogeneous task pool is also used for processing each copied target program data to form n independent program segments; compiling the n independent program segments based on m languages respectively; combining the compiled program segments to form m^n executive body tasks; and constructing a corresponding program stack frame for each executive body task so as to run the corresponding executive body task based on each program stack frame.
10. The electronic device according to claim 7, wherein the summary arbitration module is further configured to determine, based on the execution result, that a program segment that fails to execute within a preset time is a target program segment that will generate a vulnerability; marking the target program segment and sending the marking information to the negative feedback control module; and outputting the execution result of successful execution.
CN202010856660.5A 2020-08-24 2020-08-24 Vulnerability defense method and electronic device Active CN111949984B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010856660.5A CN111949984B (en) 2020-08-24 2020-08-24 Vulnerability defense method and electronic device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010856660.5A CN111949984B (en) 2020-08-24 2020-08-24 Vulnerability defense method and electronic device

Publications (2)

Publication Number Publication Date
CN111949984A true CN111949984A (en) 2020-11-17
CN111949984B CN111949984B (en) 2021-10-15

Family

ID=73359990

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010856660.5A Active CN111949984B (en) 2020-08-24 2020-08-24 Vulnerability defense method and electronic device

Country Status (1)

Country Link
CN (1) CN111949984B (en)

Also Published As

Publication number Publication date
CN111949984B (en) 2021-10-15

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant