CN115309402A - Method and device for forming heterogeneous execution sequence set capable of quantifying differences - Google Patents
Method and device for forming heterogeneous execution sequence set capable of quantifying differences Download PDFInfo
- Publication number
- CN115309402A CN115309402A CN202210820600.7A CN202210820600A CN115309402A CN 115309402 A CN115309402 A CN 115309402A CN 202210820600 A CN202210820600 A CN 202210820600A CN 115309402 A CN115309402 A CN 115309402A
- Authority
- CN
- China
- Prior art keywords
- heterogeneous
- program
- programs
- execution
- executive
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 60
- 238000004364 calculation method Methods 0.000 claims description 12
- 230000004044 response Effects 0.000 claims description 8
- 238000012545 processing Methods 0.000 claims description 6
- 230000008859 change Effects 0.000 claims description 2
- 238000012163 sequencing technique Methods 0.000 claims 1
- 230000007123 defense Effects 0.000 abstract description 13
- 230000009466 transformation Effects 0.000 abstract description 4
- 230000000694 effects Effects 0.000 abstract description 3
- CIWBSHSKHKDKBQ-JLAZNSOCSA-N Ascorbic acid Chemical compound OC[C@H](O)[C@H]1OC(=O)C(O)=C1O CIWBSHSKHKDKBQ-JLAZNSOCSA-N 0.000 description 32
- 239000012634 fragment Substances 0.000 description 21
- ZZZCUOFIHGPKAK-UHFFFAOYSA-N D-erythro-ascorbic acid Natural products OCC1OC(=O)C(O)=C1O ZZZCUOFIHGPKAK-UHFFFAOYSA-N 0.000 description 16
- 229930003268 Vitamin C Natural products 0.000 description 16
- 235000019154 vitamin C Nutrition 0.000 description 16
- 239000011718 vitamin C Substances 0.000 description 16
- 239000013598 vector Substances 0.000 description 12
- 230000006870 function Effects 0.000 description 10
- 230000008569 process Effects 0.000 description 7
- 238000006317 isomerization reaction Methods 0.000 description 6
- 238000010586 diagram Methods 0.000 description 3
- 230000009191 jumping Effects 0.000 description 3
- 230000009286 beneficial effect Effects 0.000 description 2
- 230000008901 benefit Effects 0.000 description 2
- 238000010276 construction Methods 0.000 description 2
- 238000001514 detection method Methods 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 230000006872 improvement Effects 0.000 description 2
- 239000011159 matrix material Substances 0.000 description 2
- 238000005259 measurement Methods 0.000 description 2
- 230000003068 static effect Effects 0.000 description 2
- 230000006978 adaptation Effects 0.000 description 1
- 238000006243 chemical reaction Methods 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 230000007812 deficiency Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000011156 evaluation Methods 0.000 description 1
- 230000005284 excitation Effects 0.000 description 1
- 230000036039 immunity Effects 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000005457 optimization Methods 0.000 description 1
- 230000035515 penetration Effects 0.000 description 1
- 238000012847 principal component analysis method Methods 0.000 description 1
- 238000004445 quantitative analysis Methods 0.000 description 1
- 230000002787 reinforcement Effects 0.000 description 1
- 238000012795 verification Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/40—Transformation of program code
- G06F8/41—Compilation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/40—Transformation of program code
- G06F8/53—Decompilation; Disassembly
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D10/00—Energy efficient computing, e.g. low power processors, power management or thermal management
Landscapes
- Engineering & Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Devices For Executing Special Programs (AREA)
Abstract
The invention discloses a method and a device for forming a heterogeneous execution program set capable of quantizing difference, which are used for compiling the same source code in a heterogeneous mode to generate N heterogeneous execution programs, wherein N is an integer larger than 0, and the N heterogeneous execution programs are constructed into a heterogeneous execution program pool. Solving the maximum value of the heterogeneous executive program safety model according to the difference value between the original executable program and the heterogeneous executive programs, the difference value between every two heterogeneous executive programs and the loss value between the original executable program and the heterogeneous executive programs, obtaining the number m of the heterogeneous executive programs, and selecting m heterogeneous executive programs from the heterogeneous program pool to construct a heterogeneous executive program set. The invention improves the security of the security access gateway of the heterogeneous executive body, and has a key significance for analyzing the effect of carrying out endogenous security transformation on the security access gateway of the power internet of things by utilizing the mimicry defense theory.
Description
Technical Field
The invention relates to a method and a device for forming a heterogeneous execution sequence set capable of quantifying differences, and belongs to the technical field of network security.
Background
With the development of the ubiquitous power internet of things strategy, the advanced information communication technology and the wide application of the internet + in a power grid, the traditional closure and the specificity of a power system are gradually broken through. The electric power internet of things security access gateway provides basic support for the implementation of information internal and external network boundary security protection requirements, and solves the problems of equipment trust, channel security and data confidentiality in the terminal access process. The electric power internet of things security access gateway is used as a boundary security protection measure of a core, and the security protection of the electric power internet of things security access gateway is also very important. At present, the security protection aspect of the security access gateway of the power internet of things adopts technical measures such as code security detection, administrator authentication, data encryption storage verification, network access control, kernel cutting of an operating system, security reinforcement and the like. However, in the high-intensity actual combat countermeasure environments such as the current state-level network attack and defense drill, new threats are continuously brought by 0DAY vulnerabilities and unknown attacks, and the existing safety protection measures of the electric power internet of things safety access gateway show a severe safety gap.
In order to comprehensively improve the comprehensive defense capability of the electric power internet of things security access gateway and solve the problems of unknown vulnerability protection, unknown attack defense and integrated security protection of the existing electric power internet of things security access gateway, an endogenous security concept is introduced, the electric power internet of things security access gateway is modified by using technical theories such as mimicry and the like, and the endogenous security immunity capability of a power network security boundary is improved.
The mimicry defense is a revolutionary defense technical system which is used for trying to change the existing game rules and has the advantages of inclusion, openness and initiative. The mimicry defense no longer pursues to establish a loopless, backdoor-free, defect-free and perfect defense system to resist the network space security threat, but adopts various and constantly-changing evaluation and deployment mechanisms and strategies to construct a dynamic, heterogeneous, redundant and uncertain system architecture, forms the dilemmas of 'difficult detection, difficult penetration, difficult attack excitation, difficult attack achievement utilization' and the like, breaks through the static property, the certainty and the similarity of the network architecture formed by the attack chain, and greatly increases the attack cost of an attacker. The detectability of the system is reduced by increasing the dynamic property of the system, the penetrability of the system is reduced by increasing the randomness of the system, the problem of direct cooperative attack of an attacker is forced by applying the dynamic heterogeneous redundancy architecture of the system, and the stability or the effective utilization degree of an attack chain is damaged by comprehensively utilizing the dynamic property, the randomness and the diversity of the system. When the network and the system are deployed and operated, the attack difficulty including the attack based on unknown vulnerabilities and backdoors and the available difficulty of attack achievements are remarkably improved by reducing the determinacy, the similarity and the staticity of the network and the system, and the strategic pattern of 'easy attack and difficult guard' is completely turned.
The method is characterized in that the aspects of the prior art architecture, hardware cost, safety performance and the like of the electric power Internet of things safety access gateway are comprehensively considered, heterogeneous executors in a mimicry defense theory are realized in a software virtualization-based mode, the consistency of external representation of each executor is ensured, the executor has the same functionality as the original gateway, meanwhile, a plurality of different executable programs are generated on the basis of source codes of the safety access gateway by using a software compiling technology and using both instruction replacement and control flow conversion means, and the heterogeneous executors are constructed.
One of the core ideas of the mimicry defense theory is that an attacker cannot use the same attack means at a time to break the vulnerabilities in a plurality of heterogeneous executives. In practical application, the premise that the theory is established is that the difference between a plurality of executives is large enough, and the difference representation of potential vulnerability in the executives can be realized. However, in practical applications, because the vulnerability in the executable is unknown, and accurate differential compilation of a part of codes with the vulnerability cannot be realized, a variety of compilation methods are generally adopted to transform the codes in a large range. And because the existing means such as instruction replacement, control flow transformation and the like have certain randomness, the result after compiling transformation cannot be completely controlled, the more compiling transformation means used by default at present is, the greater the difference among a plurality of executable programs generated after compiling is, a quantitative measuring method for the difference is lacked, so that the safety measurement for heterogeneous executors generated after compiling becomes a difficult problem, and the improvement of the safety of the access gateway program after the method is adopted cannot be quantitatively analyzed.
Heterogeneous executive programs are generated based on software compiling, and differences can be generated among the generated heterogeneous executive programs by adopting different software compiling means in the prior art. However, due to the randomness of the software compiling means, the compiled result is not completely controllable, and a method for comparing differences among a plurality of execution programs by quantitative analysis is lacked, so that a satisfactory heterogeneous execution body set cannot be constructed.
Accordingly, there is a strong need in the art to overcome the above deficiencies in the prior art.
Disclosure of Invention
The purpose is as follows: in order to overcome the defects in the prior art, the invention provides a heterogeneous execution program set forming method and device capable of quantifying differences, wherein the heterogeneous execution program set is constructed according to the quantified differences and is used as a function executive body in a mimicry architecture.
The technical scheme is as follows: in order to solve the technical problems, the technical scheme adopted by the invention is as follows:
in a first aspect, a method for forming a heterogeneous execution program set with quantifiable differences includes the following steps:
and compiling the same source code in a heterogeneous mode to generate N heterogeneous execution programs, wherein N is an integer larger than 0, and constructing the N heterogeneous execution programs into a heterogeneous execution program pool.
And calculating the difference value between the original executable program and the heterogeneous executable program in the heterogeneous executable program pool.
And calculating the difference value of every two heterogeneous executive programs in the heterogeneous executive program pool.
And calculating loss values of the original executable program and the heterogeneous executable programs in the heterogeneous executive program pool.
Solving the maximum value of a security model of the heterogeneous executive programs according to the difference value between the original executable program and the heterogeneous executive programs, the difference value between every two heterogeneous executive programs and the loss value between the original executable program and the heterogeneous executive programs, obtaining the number m of the heterogeneous executive programs, and selecting m heterogeneous executive programs from a heterogeneous program pool to construct a heterogeneous executive program set.
As a preferred scheme, the compiling the same source code in a heterogeneous manner to generate N heterogeneous execution programs, where N is an integer greater than 0, and constructing the N heterogeneous execution programs into a heterogeneous execution program pool includes:
step 101: and selecting binary code segments needing heterogeneous processing in the same source code to generate virtual instruction segments.
Step 102: and randomly selecting the seed, and performing confusion operation on the virtual instruction segment according to the seed to generate the confused virtual instruction segment.
Step 103: setting the value of a in the a%, wherein the value range of a is 0-100, calculating the obfuscated virtual instruction segment with the flag bit set as 1 in the obfuscated virtual instruction segment according to the a%, and then obtaining the execution path of the obfuscated virtual instruction segment according to the offset address quantity of the obfuscated virtual instruction segment.
Step 104: and compiling according to the obfuscated virtual instruction segment and the execution path to generate the heterogeneous executive program.
Step 105: and repeating the steps 101-104 for N times to generate N heterogeneous executive programs.
Step 106: and constructing the N heterogeneous executives into a heterogeneous executive program pool.
As a preferred scheme, the N heterogeneous execution programs in the heterogeneous execution program pool are sorted from large to small according to a difference value between the original executable program and the heterogeneous execution program.
Preferably, a% is set in a gradient increasing manner.
As a preferred scheme, the seed selects a seed corresponding to the heterogeneous execution program with the largest gradient of the difference value between the original executable program and the heterogeneous execution program among the N heterogeneous execution programs.
Preferably, the formula for calculating the difference value between the original executable program and the heterogeneous executable program in the heterogeneous executable program pool is as follows:
Diff(H o ,H i )=cov(h so ,h si )·ω s +cov(h bo ,h bi )·ω b +cov(h co ,h ci )·ω c +cov(h to ,h ti )·ω t
wherein, cov (h) so ,h sj )、cov(h bo ,h bj )、cov(h co ,h cj )、cov(h to ,h tj ) Respectively representing the correlation values of the original executable program and the ith heterogeneous executable program with respect to the program capacity, the number of jump branch instructions, the complexity and the compiling time, omega s ,ω b ,ω c ,ω t The weights are program size, number of jump branch instructions, complexity, compile time.
As a preferred scheme, a formula for calculating a difference value between two heterogeneous execution programs in the heterogeneous execution program pool is as follows:
Diff(H i ,H j )=cov(h si ,h sj )·ω s +cov(h bi ,h bj )·ω b +cov(h ci ,h cj )·ω c +cov(h ti ,h tj )·ω t
wherein, cov (h) si ,h sj )、cov(h bi ,h bj )、cov(h ci ,h cj )、cov(h ti ,h tj ) Respectively representing the program capacity of the ith heterogeneous executive program and the jth heterogeneous executive program,Number of jump branch instructions, complexity, dependency value of compile time, ω s ,ω b ,ω c ,ω t The weights are program size, number of jump branch instructions, complexity, compile time.
Preferably, the formula for calculating the loss values of the original executable program and the heterogeneous executable program in the heterogeneous executable program pool is as follows:
P(L o ,L i )=(|l ko -l ki |+|l no -l ni |+|l do -l di |)/s oi
wherein:
l ko -l ki 、l no -l in 、l do -l di respectively representing the difference between the average time of connection, the maximum number of connections and the average response delay of the original executable program and the ith heterogeneous executable program.
As a preferred scheme, according to a difference value between an original executable program and a heterogeneous executive program, a difference value between every two heterogeneous executive programs and a loss value between the original executable program and the heterogeneous executive program, solving a maximum value of a security model of the heterogeneous executive program to obtain the number m of the heterogeneous executive programs, and selecting m heterogeneous executive programs from a heterogeneous program pool to construct a heterogeneous executive program set, the method comprises the following steps:
constructing a heterogeneous executive program security model, wherein the calculation formula is as follows:
wherein Σ P (L) o ,L i ) Represents the sum of the loss values between m heterogeneous executables and the original executable, Σ Diff (H) o ,H i )、ΣDiff(H i ,H j ) Respectively representing the sum of difference values of the m selected heterogeneous execution programs and the original executable program and the sum of difference values between every two heterogeneous execution programs.
And solving the maximum value of the safety model of the heterogeneous executive program to obtain the number m of the heterogeneous executive programs.
And selecting m heterogeneous execution programs from the heterogeneous program pool to construct a heterogeneous execution program set.
In a second aspect, an apparatus for forming a heterogeneous execution program set of quantifiable differences includes the following modules:
the heterogeneous executive program pool construction module comprises: the method is used for compiling the same source code in a heterogeneous mode to generate N heterogeneous execution programs, wherein N is an integer larger than 0, and the N heterogeneous execution programs are constructed into a heterogeneous execution program pool.
The first difference value calculating module: the method is used for calculating the difference value between the original executable program and the heterogeneous executable program in the heterogeneous executable program pool.
The second difference value calculating module: the method is used for calculating the difference value of every two heterogeneous executive programs in the heterogeneous executive program pool.
A loss value calculation module: the method is used for calculating the loss value of the original executable program and the heterogeneous executable program in the heterogeneous executable program pool.
The heterogeneous execution program set construction module comprises: the method is used for solving the maximum value of the heterogeneous executive program safety model according to the difference value between the original executable program and the heterogeneous executive programs, the difference value between every two heterogeneous executive programs and the loss value between the original executable program and the heterogeneous executive programs, obtaining the number m of the heterogeneous executive programs, and selecting m heterogeneous executive programs from a heterogeneous program pool to construct a heterogeneous executive program set.
Preferably, the heterogeneous execution program pool building module includes:
step 101: and selecting binary code segments needing heterogeneous processing in the same source code to generate virtual instruction segments.
Step 102: and randomly selecting the seed, and performing confusion operation on the virtual instruction segment according to the seed to generate the confused virtual instruction segment.
Step 103: setting the value of a in a%, wherein the value range of a is 0-100, calculating the obfuscated virtual instruction segment with the flag bit set as 1 in the obfuscated virtual instruction segment according to a%, and then obtaining the execution path of the obfuscated virtual instruction segment according to the offset address quantity of the obfuscated virtual instruction segment.
Step 104: and compiling according to the obfuscated virtual instruction fragment and the execution path to generate a heterogeneous execution program.
Step 105: and repeating the steps 101-104 for N times to generate N heterogeneous executive programs.
Step 106: and constructing the N heterogeneous executives into a heterogeneous executive program pool.
Preferably, the N heterogeneous execution programs in the heterogeneous execution program pool are sorted from large to small according to a difference value between the original executable program and the heterogeneous execution program.
Preferably, a% is set in increments of gradient.
As a preferred scheme, the seed selects a seed corresponding to the heterogeneous execution program with the largest gradient of difference values between the original executable program and the heterogeneous execution program among the N heterogeneous execution programs.
Preferably, the first difference value calculating module includes:
Diff(H o ,H i )=cov(h so ,h si )·ω s +cov(h bo ,h bi )·ω b +cov(h co ,h ci )·ω c +cov(h to ,h ti )·ω t
wherein, cov (h) so ,h sj )、cov(h bo ,h bj )、cov(h co ,h cj )、cov(h to ,h tj ) Respectively representing the correlation values of the original executable program and the ith heterogeneous executable program with respect to the program capacity, the number of jump branch instructions, the complexity and the compiling time, omega s ,ω b ,ω c ,ω t The weights are program size, number of jump branch instructions, complexity, compile time.
Preferably, the second difference value calculating module includes:
Diff(H i ,H j )=cov(h si ,h sj )·ω s +cov(h bi ,h bj )·ω b +cov(h ci ,h cj )·ω c +cov(h ti ,h tj )·ω t
wherein, cov (h) si ,h sj )、cov(h bi ,h bj )、cov(h ci ,h cj )、cov(h ti ,h tj ) Respectively representing the correlation values of the ith heterogeneous executive program and the jth heterogeneous executive program with respect to program capacity, the number of jump branch instructions, complexity and compilation time, omega s ,ω b ,ω c ,ω t The weights are program size, number of jump branch instructions, complexity, compile time.
Preferably, the loss value calculating module includes:
P(L o ,L i )=(|l ko -l ki |+|l no -l ni |+|l do -l di |)/s oi
wherein:
l ko -l ki 、l no -l ni 、l do -l di respectively representing the difference between the average time of connection, the maximum number of connections and the average response delay of the original executable program and the ith heterogeneous executable program.
As a preferred solution, the heterogeneous executive program set building module includes:
constructing a heterogeneous executive program security model, wherein the calculation formula is as follows:
wherein Σ P (L) o ,L i ) Represents the sum of the loss values between m heterogeneous executables and the original executable, Σ Diff (H) o ,H i )、ΣDiff(H i ,H j ) Respectively representing the sum of difference values of the selected m heterogeneous executables and the original executable program and the heterogeneousAnd executing the sum of the difference values between every two programs.
And solving the maximum value of the security model of the heterogeneous executive program to obtain the number m of the heterogeneous executive programs.
And selecting m heterogeneous execution programs from the heterogeneous program pool to construct a heterogeneous execution program set.
Has the beneficial effects that: the invention provides a method and a device for forming a heterogeneous execution sequence set capable of quantifying differences. Secondly, aiming at the problem of quantitative measurement of difference among a plurality of binary executable programs, the heterogeneous indexes of the executable programs are constructed from multiple dimensions such as the compiled program quantity, the number of jump branch instructions, the complexity, the compiling time and the like. And then, constructing a loss index according to the difference between the function and performance of the compiled executable program and the original standard program. Finally, according to the isomerism index and the loss index, the generated isomerism execution sequence set improves the safety of the safety access gateway of the isomerism execution body, has key significance for analyzing the effect of carrying out endogenous safety improvement on the safety access gateway of the power internet of things by utilizing the mimicry defense theory, is beneficial to developing targeted network safety active defense for companies, and has wide engineering practical value. Its advantages are as follows:
(1) The executable program generated by aiming at the heterogeneous compiling method can measure the heterogeneous degree of the heterogeneous compiling method in a quantified and quantitative mode.
(2) The isomerization executable program utilizes a quantitative calculation method, improves the endogenous safety, and provides data support for subsequently selecting an effective isomerization compiling means and carrying out isomerization parameter tuning.
Drawings
FIG. 1 is a schematic flow diagram of the process of the present invention.
FIG. 2 is a diagram illustrating a virtual instruction fragment execution path without path heterogeneity.
FIG. 3 is a diagram illustrating a path of execution of a virtual instruction fragment via path heterogeneity.
FIG. 4 is a schematic view of the structure of the device of the present invention.
Detailed Description
The present invention will be further described with reference to the following examples.
As shown in fig. 1, a method for forming a heterogeneous execution program set with quantifiable differences includes the following steps:
and compiling the same source code in a heterogeneous mode to generate N heterogeneous executive programs, wherein N is an integer greater than 0, and constructing the N heterogeneous executive programs into a heterogeneous executive program pool.
And calculating the difference value between the original executable program and the heterogeneous executable program in the heterogeneous executable program pool.
And calculating the difference value of every two heterogeneous execution programs in the heterogeneous execution program pool.
And calculating loss values of the original executable program and the heterogeneous executable programs in the heterogeneous execution program pool.
Solving the maximum value of the heterogeneous executive program safety model according to the difference value between the original executable program and the heterogeneous executive programs, the difference value between every two heterogeneous executive programs and the loss value between the original executable program and the heterogeneous executive programs, obtaining the number m of the heterogeneous executive programs, and selecting m heterogeneous executive programs from the heterogeneous program pool to construct a heterogeneous executive program set.
A second embodiment is a method for forming a heterogeneous execution program set with quantifiable differences, including the steps of:
step 1: a binary code segment requiring heterogeneous processing is selected.
And selecting the binary code segments needing heterogeneous processing according to the target function name needing protection or the start and end addresses of the code block. From the security perspective, the main function functions of the program and the code blocks involved in the interaction with external data are generally selected as binary code segments requiring heterogeneous processing.
And 2, step: and converting the binary code segment to generate a virtual instruction segment.
Decompiling the binary code segments selected in the step 1 into assembly codes according to a bottom layer architecture (such as x86, ARM and the like), and then converting the assembly codes into virtual instruction segments VC by using a cross-platform compiling tool such as LLVM and the like.
And step 3: and carrying out confusion operation on the virtual instruction fragments to generate the confused virtual instruction fragments.
To produce a heterogeneous effect, a obfuscation operation is performed on the virtual instruction fragment. Aiming at the same virtual instruction segment VC, carrying out a plurality of times of confusion operations, selecting different seeds from a randomly generated seed pool for initialization in each confusion operation, and recording the confused virtual instruction segment as VC i (seed j ) Where i represents the virtual instruction fragment sequence number and j represents the initialization seed sequence number employed. VC (vitamin C) i (seed j ) And representing the result of confusion of the ith virtual instruction segment by adopting the seeds in the jth seed pool.
And 4, step 4: and setting the virtual instruction segment, and acquiring the heterogeneous program execution path.
And 3, the confusion operation for the virtual instruction fragment in the step 3 is embodied in a static layer, and in order to further enhance the heterogeneity of the whole program, the program path in the execution process is randomized.
1) In the original program execution process, jumping between different instruction fragments is operated by a scheduler according to a standard byte code sequence.
Standard byte codes: 02 01 21 22 43 20...
Each bit in the standard byte code represents the sequence number of the instruction fragment, for example, after the instruction fragment with the sequence number 02 runs, the scheduler jumps back to the scheduler, and then the scheduler selects the instruction fragment with the sequence number 01 to run according to the standard byte code.
2) In virtual instruction fragments VC 1 Adding a one-bit offset address byte code at the end for recording the virtual instruction fragment VC 1 VC to next virtual instruction segment 2 Then, a marking bit (0 or 1) is added at the end of the offset address byte code to indicate whether the scheduler is selected or the offset address amount is jumped, 0 indicates that the scheduler is selected, and 1 indicates that the jump is directly carried out to the next virtual instruction segment according to the offset address.
The flag bits of the virtual instruction segments are a% of the randomly selected total virtual instruction segment number set to 1, and the flag bits of the rest virtual instruction segments are set to 0. The value range of a is 0-100, and the flag bit is turned (0 to 1 or 1 to 0) after the virtual instruction segment is executed each time.
Suppose there are 100 virtual instruction fragments VC in total 1-100 The number of virtual instruction fragments of a% x100 is selected, and their flag bit is set to 1, and this percentage is used to control the degree of heterogeneity of the program execution path.
VC 1 (start address 0x6 a):
| VC 1 instruction fragment | Offset address 0x16 | Flag bit 0 |
VC 2 (start address 0x80=0x6a + _0x 16)
3) By adding the offset address and the flag bit, the virtual instruction segment can generate different execution paths in the actual execution process.
The execution path refers to the sequence of code blocks that pass through in sequence during program execution.
Program execution process standard bytecode: 01 41 20, as shown in fig. 2, the execution path of the virtual instruction segment without path heterogeneity is as follows, and the virtual instruction segments 01, 5, 20, 41 are in standard byte code: 01 41 20, after executing 1 instruction fragment, jumping back to the scheduler, and jumping to the next virtual instruction fragment by the scheduler according to the data stored in the standard bytecode, thereby forming the program execution path of 1-2-3-4-5-6 in fig. 2.
As shown in fig. 3, via path heterogeneityThe virtual instruction segment execution path is as follows, the tail of each virtual instruction segment is provided with the offset address amount of the next virtual instruction segment and the flag bit of the jump mode, wherein, the instruction segment VC 1 、VC 20 The flag bit of (1) is directly jumped to the next virtual instruction segment, VC, according to the offset address quantity 41 The flag bit is 0, the call is called back to the scheduler, and then the next virtual instruction fragment is jumped to, so that the program execution path is 1-2-3-4.
Through the steps, different program execution paths can be generated in the execution process of the same virtual instruction fragment, so that the heterogeneity of the program is enhanced.
And 5: and (4) repeating the steps 1-4 to generate a plurality of different heterogeneous executive programs of the same source code and generate a heterogeneous executive program pool.
And (3) for the program needing isomerization, performing N times of operations according to the steps 1-4, and generating N heterogeneous execution programs due to the difference of obfuscated initialization seeds and the difference of program execution paths in the steps 3 and 4.
In step 3, a seed used for confusion initialization exists, and in step 4, a parameter a% for randomly selecting the total instruction segment number exists, wherein the two parameters directly influence the instruction segments VC generated by confusion i (seed j ) And program execution paths, which are the main variables that control the heterogeneity between programs.
Seed and selection of parameter a% Diff (H) calculated in step 7 o ,H i ) The value is optimized. First, the initial value of a% is fixed (e.g., 10%), and Diff (H) is calculated by randomly selecting seed a plurality of times o ,H i ) And Diff (H) o ,H i ) And selecting the seed corresponding to the direction with the fastest gradient rise. Subsequently, diff (H) is calculated sequentially at a value of 5% successively increasing a% (generally not more than 30%) ( o ,H i ) Gradient optimization, step size, i.e. 5% increase of a% each time. Finally, according to Diff (H) o ,H i ) And the values are generated by arranging the heterogeneous executive programs from big to small to form a heterogeneous program pool.
Step 6: and acquiring heterogeneous index vectors of different heterogeneous execution programs in the heterogeneous program pool.
And 5, obtaining a plurality of different heterogeneous executive programs compiled and generated from the same source code, and selecting program capacity, the number of jump branch instructions, complexity and compiling time as characteristics for representing heterogeneous indexes in order to more accurately describe the heterogeneity among the different heterogeneous executive programs.
The program capacity refers to the volume of a program without null instructions, and the unit is byte, and the null instructions are N0P.
The number of jump branch instructions refers to the number of jump instructions existing in the program, such as JMP and JE.
Compile time refers to the time when a binary program is compiled from source code in the same hardware environment.
The complexity refers to the number of executable paths which are linearly independent in the program, and the complexity of the heterogeneous executive program is calculated by selecting a circle complexity mode.
The program capacity, the number of jump branch instructions, the complexity and the compilation time are respectively recorded as s, b, c and t, and for a heterogeneous execution program, a heterogeneous index vector is recorded as: h = (H) s ,h b ,h c ,h t )。
And 7: and calculating the difference value of the heterogeneous execution program according to the heterogeneous index vector.
According to the heterogeneous index vector determined in the step 6, firstly, a heterogeneous index vector H of the executable program generated by compiling without adopting any heterogeneous means (namely normal compiling) is constructed o Then, the N heterogeneous execution programs generated in the step 5 are respectively calculated to obtain heterogeneous index vectors which are recorded as H i And i is 1-N and represents the ith heterogeneous executive program. For H i For each component in (1), a calculation weight ω corresponding to each component is confirmed by a weight calculation method (for example, entropy weight method, principal component analysis method, etc.) s ,ω b ,ω c ,ω t Sequentially correspond to h s ,h b ,h c ,h t The weight of (c). Then, H is calculated by covariance o And H i Correlation matrix Cov (H) o ,H i ) As follows:
because the correlation between the heterogeneous indexes is not high, when the value of the covariance matrix is actually calculated, a diagonal element is selected, and the difference value between the heterogeneous compiled executable program and the original executable program is obtained according to the weight omega as follows:
Diff(H o ,H i )=cov(h so ,h si )·ω s +cov(h bo ,h bi )·ω b +cov(h co ,h ci )·ω c +cov(h to ,h ti )·ω t
wherein, cov (h) so ,h sj )、cov(h bo ,h bj )、cov(h co ,h cj )、cov(h to ,h tj ) Respectively representing the correlation values of the original executable program and the ith heterogeneous executable program with respect to the program capacity, the number of jump branch instructions, the complexity and the compiling time.
Diff (H) obtained o ,H i ) Quantitatively calculating the difference between the execution program after heterogeneous compilation and the original execution program.
And step 8: and calculating the difference value of every two heterogeneous executive programs in the heterogeneous executive program pool.
Calculating Diff (H) between two programs in heterogeneous program pool i ,H j )。
Diff(H i ,H j )=cov(h si ,h sj )·ω s +cov(h bi ,h bj )·ω b +cov(h ci ,h cj )·ω c +cov(h ti ,h tj )·ω t
Wherein h is sj 、h bj 、h cj 、h tj Respectively representing the program capacity, the number of jump branch instructions, the complexity and the compiling time of a j-th heterogeneous executive program. cov (h) si ,h sj )、cov(h bi ,h bj )、cov(h ci ,h cj )、cov(h ti ,h tj ) Respectively representing the correlation values of the ith heterogeneous executive program and the jth heterogeneous executive program with respect to program capacity, the number of jump branch instructions, complexity and compiling time.
And (9): and acquiring a loss index vector of the heterogeneous execution program in the heterogeneous execution program pool.
In order to compare the differences between the original functions and performances of the heterogeneous executive programs compiled and generated by utilizing the heterogeneous means and the original executable programs, firstly, loss indexes for comparison are extracted. Taking the main functions and performance indexes of the security access gateway as the basis, selecting the average time for establishing connection, the maximum connection number and the average response delay as loss indexes, recording the average time for establishing connection, the maximum connection number and the average response delay as k, n and d, and recording the loss index vector of an executable program as follows: l = (L) k ,l n ,l d )。
The average time to establish a connection refers to the average time to establish a session connection.
The maximum number of connections refers to the maximum number of connections maintained at the same time.
The average response delay refers to the average delay from the receipt of an external request to the return of a response.
Step (10): and calculating the loss value of the heterogeneous execution program according to the loss index vector.
According to the loss index vector in the step (9), respectively extracting a loss index vector L from the original executable program and the heterogeneous executable program generated by heterogeneous compilation o And L i Using spatial distance calculation methods, e.g. Manhattan distance calculation vector L o And L i The difference between the two components is normalized by the variance between the components to obtain a heterogeneous executive program loss value, which is recorded as P (L) o ,L i )。
P(L o ,L i )=(|l ko -l ki |+|l no -l ni |+|l do -l di |)/s oi
Wherein:
l ko -l ki 、l no -l ni 、l do -l di respectively representing the difference between the average time of connection, the maximum number of connections and the average response delay of the original executable program and the ith heterogeneous executable program.
Step 11: and calculating the maximum value of the security model of the heterogeneous executive programs, obtaining the number m of the heterogeneous executive programs, and selecting the m heterogeneous executive programs from the heterogeneous program pool to construct a heterogeneous executive program set.
The difference value and the loss value between the heterogeneous executive program and the original executable program and the difference value between every two heterogeneous executive programs are obtained from the steps. According to the mimicry defense theory, a plurality of heterogeneous executive programs run in parallel, the larger the difference between every two heterogeneous executive programs is, the lower the possibility of being attacked is, namely, the higher the safety is. When aiming at the security access gateway, in addition to considering the heterogeneity, the influence on the functions and the performance after the isomerization is also needed to be considered.
M heterogeneous execution programs are selected from the heterogeneous program pool constructed in the step 8 to form a heterogeneous execution program set, and the heterogeneous execution program set is calculated according to the following mode:
where Σ P (Lo, li) represents the sum of the loss values between m heterogeneous executables and the original executable program, and the smaller the loss represents that the heterogeneous compiled executable program has smaller performance and function loss compared with the original executable program (theoretically, the heterogeneous compiled executable program cannot be better than the original program in performance and function), Σ Diff (H, H) o ,H i )、ΣDiff(H i ,H j ) Respectively representing the difference sum of the m selected heterogeneous executive programs and the source program and the difference sum of the heterogeneous executive programs between two adjacent heterogeneous executive programs, wherein the closer the Diff is to 0, the smaller the correlation between the executable programs is, namely the higher the isomerization degree is. From the aboveCan be obtained when Sec (m) The larger the size, the greater the security enhancement for the isomerized executable program.
Based on the method, quantitative calculation of the difference between the executable programs generated by software compiling can be achieved, the difference after the plurality of heterogeneous executable programs form a set can be calculated, and the suitable heterogeneous executable programs are selected to form an executable body set according to the difference.
As shown in fig. 4, a third embodiment of an apparatus for forming a heterogeneous execution program set with quantifiable differences includes the following modules:
the heterogeneous executive program pool building module: the method is used for compiling the same source code in a heterogeneous mode to generate N heterogeneous execution programs, wherein N is an integer larger than 0, and the N heterogeneous execution programs are constructed into a heterogeneous execution program pool.
The first difference value calculating module: the method is used for calculating the difference value between the original executable program and the heterogeneous executable program in the heterogeneous executable program pool.
The second difference value calculating module: the method is used for calculating the difference value of every two heterogeneous execution programs in the heterogeneous execution program pool.
A loss value calculation module: the method is used for calculating the loss value of the original executable program and the heterogeneous executable program in the heterogeneous executable program pool.
The heterogeneous execution program set building module: the method is used for solving the maximum value of the heterogeneous executive program safety model according to the difference value between the original executable program and the heterogeneous executive programs, the difference value between every two heterogeneous executive programs and the loss value between the original executable program and the heterogeneous executive programs, obtaining the number m of the heterogeneous executive programs, and selecting m heterogeneous executive programs from a heterogeneous program pool to construct a heterogeneous executive program set.
The above description is only of the preferred embodiments of the present invention, and it should be noted that: it will be apparent to those skilled in the art that various modifications and adaptations can be made without departing from the principles of the invention and these are intended to be within the scope of the invention.
Claims (10)
1. A method for forming a heterogeneous executive program set capable of quantifying differences is characterized in that: the method comprises the following steps:
compiling the same source code in a heterogeneous mode to generate N heterogeneous execution programs, wherein N is an integer larger than 0, and constructing the N heterogeneous execution programs into a heterogeneous execution program pool;
calculating the difference value between the original executable program and the heterogeneous executable program in the heterogeneous executable program pool;
calculating difference values of two heterogeneous execution programs in the heterogeneous execution program pool;
calculating loss values of the original executable program and the heterogeneous executable program in the heterogeneous executable program pool;
solving the maximum value of a security model of the heterogeneous executive programs according to the difference value between the original executable program and the heterogeneous executive programs, the difference value between every two heterogeneous executive programs and the loss value between the original executable program and the heterogeneous executive programs, obtaining the number m of the heterogeneous executive programs, and selecting m heterogeneous executive programs from a heterogeneous program pool to construct a heterogeneous executive program set.
2. The method of claim 1, wherein the method comprises: the compiling the same source code in a heterogeneous mode to generate N heterogeneous executive programs, wherein N is an integer greater than 0, and the N heterogeneous executive programs are constructed into a heterogeneous executive program pool, and the method comprises the following steps:
step 101: selecting binary code segments needing heterogeneous processing in the same source code to generate virtual instruction segments;
step 102: randomly selecting seed, and performing confusion operation on the virtual instruction segment according to the seed to generate a confused virtual instruction segment;
step 103: setting the value of a in a%, wherein the value range of a is 0-100, calculating the obfuscated virtual instruction segment with the flag bit set to 1 in the obfuscated virtual instruction segment according to a%, and then obtaining the execution path of the obfuscated virtual instruction segment according to the offset address quantity of the obfuscated virtual instruction segment;
step 104: compiling and generating a heterogeneous executive program according to the obfuscated virtual instruction segment and the executive path;
step 105: repeating the steps 101-104 for N times to generate N heterogeneous execution programs;
step 106: and constructing the N heterogeneous executives into a heterogeneous executive program pool.
3. The method of claim 2, wherein the method comprises: and sequencing the N heterogeneous execution programs in the heterogeneous execution program pool from large to small according to the difference value between the original executable program and the heterogeneous execution programs.
4. The method of claim 2, wherein the method comprises: the a% is set in increments of gradient.
5. The method of claim 4, wherein the method comprises: and selecting the seed corresponding to the heterogeneous execution program with the maximum gradient change of the difference value between the original executable program and the heterogeneous execution program in the N heterogeneous execution programs.
6. The method of claim 1, wherein the method comprises: the formula for calculating the difference value between the original executable program and the heterogeneous executable program in the heterogeneous executable program pool is as follows:
Diff(H o ,H i )=cov(h so ,h si )ω s +cov(h bo ,h bi )·ψ b +cov(h co ,h ci )·ω c +cov(h to ,h ti )·ω t
wherein, cov (h) so ,h sj )、cov(h bo ,h bj )、cov(h co ,h cj )、cov(h to ,h tj ) Respectively representing the program capacity and jump of the original executable program and the ith heterogeneous executable programDependency values of branch instruction number, complexity, compile time, omega s ,ω b ,ω c ,ω t The weights are program size, number of jump branch instructions, complexity, compile time.
7. The method of claim 1, wherein the method comprises: the formula for calculating the difference value of every two heterogeneous executive programs in the heterogeneous executive program pool is as follows:
Diff(H i ,H j )=cov(h si ,h sj )·ω s +cov(h bi ,h bj )·ω b +cov(h ci ,h cj )·ω c +cov(h ti ,h tj )·ω t
wherein, cov (h) si ,h sj )、cov(h bi ,h bj )、cov(h ci ,h cj )、cov(h ti ,h tj ) Respectively representing the correlation values of the ith heterogeneous executive program and the jth heterogeneous executive program with respect to program capacity, the number of jump branch instructions, complexity and compilation time, omega s ,ω b ,ω c ,ω t The weights are program size, number of jump branch instructions, complexity, compile time.
8. The method of claim 1, wherein the method comprises: the formula for calculating the loss values of the original executable program and the heterogeneous executable program in the heterogeneous executable program pool is as follows:
P(L o ,L i )=(|l ko -l ki |+|l no -l ni |+|l do -l di |)/s oi
wherein:
l ko -l ki 、l no -l ni 、l do -l di each represents an atomThe difference between the average time of connection, the maximum number of connections, and the average response delay between the initially executable program and the ith heterogeneous executable program.
9. The method of claim 1, wherein the method comprises: the method for constructing the heterogeneous execution program set by selecting m heterogeneous execution programs from a heterogeneous program pool according to the difference value between the original executable program and the heterogeneous execution programs, the difference value between every two heterogeneous execution programs and the loss value between the original executable program and the heterogeneous execution programs, solving the maximum value of a heterogeneous execution program security model, obtaining the number m of the heterogeneous execution programs, and constructing the heterogeneous execution program set comprises the following steps:
constructing a heterogeneous executive program security model, wherein the calculation formula is as follows:
wherein Σ P (L) o ,L i ) Represents the sum of the loss values between the m heterogeneous executables and the original executable, Σ Diff (H) o ,H i )、ΣDiff(H i ,H j ) Respectively representing the sum of difference values of the m selected heterogeneous execution programs and the original executable program and the sum of difference values between every two heterogeneous execution programs;
solving the maximum value of the safety model of the heterogeneous executive program to obtain the number m of the heterogeneous executive programs;
and selecting m heterogeneous execution programs from the heterogeneous program pool to construct a heterogeneous execution program set.
10. A heterogeneous execution program set composing apparatus capable of quantizing differences, comprising: the system comprises the following modules:
the heterogeneous executive program pool building module: the system comprises a source code, a heterogeneous execution program pool and a plurality of heterogeneous execution programs, wherein the source code is compiled to generate N heterogeneous execution programs in a heterogeneous mode, N is an integer larger than 0, and the N heterogeneous execution programs are constructed to the heterogeneous execution program pool;
the first difference value calculating module: the method comprises the steps of calculating a difference value between an original executable program and a heterogeneous executable program in a heterogeneous executable program pool;
the second difference value calculating module: the method comprises the steps of calculating difference values of two heterogeneous execution programs in a heterogeneous execution program pool;
a loss value calculation module: the method comprises the steps of calculating loss values of an original executable program and a heterogeneous executable program in a heterogeneous executive program pool;
the heterogeneous execution program set building module: the method is used for solving the maximum value of the heterogeneous executive program safety model according to the difference value between the original executable program and the heterogeneous executive programs, the difference value between every two heterogeneous executive programs and the loss value between the original executable program and the heterogeneous executive programs, obtaining the number m of the heterogeneous executive programs, and selecting m heterogeneous executive programs from a heterogeneous program pool to construct a heterogeneous executive program set.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210820600.7A CN115309402B (en) | 2022-07-13 | 2022-07-13 | Heterogeneous execution program set forming method and device capable of quantifying difference |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210820600.7A CN115309402B (en) | 2022-07-13 | 2022-07-13 | Heterogeneous execution program set forming method and device capable of quantifying difference |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN115309402A true CN115309402A (en) | 2022-11-08 |
| CN115309402B CN115309402B (en) | 2023-10-24 |
Family
ID=83856632
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210820600.7A Active CN115309402B (en) | 2022-07-13 | 2022-07-13 | Heterogeneous execution program set forming method and device capable of quantifying difference |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115309402B (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116150455A (en) * | 2023-04-17 | 2023-05-23 | 华能信息技术有限公司 | Heterogeneous data analysis method |
Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20050196349A1 (en) * | 2003-09-22 | 2005-09-08 | Dianqing Wu | Compositions and methods for bone formation and remodeling |
| CN101441569A (en) * | 2008-11-24 | 2009-05-27 | 中国人民解放军信息工程大学 | Novel service flow-oriented compiling method based on heterogeneous reconfigurable architecture |
| CN104035781A (en) * | 2014-06-27 | 2014-09-10 | 北京航空航天大学 | Method for quickly developing heterogeneous parallel program |
| US20170242672A1 (en) * | 2016-02-18 | 2017-08-24 | International Business Machines Corporation | Heterogeneous computer system optimization |
| CN111459832A (en) * | 2020-04-13 | 2020-07-28 | 郑州昂视信息科技有限公司 | Heterogeneous compilation algorithm feasibility evaluation method and system |
| WO2020227541A1 (en) * | 2019-05-07 | 2020-11-12 | Brightspec, Inc. | Highly selective chromatography-molecular rotational resonance spectroscopy systems and methods |
| CN112148570A (en) * | 2019-06-27 | 2020-12-29 | 英特尔公司 | Method and apparatus for improving runtime performance of software executing on heterogeneous systems |
| CN112839036A (en) * | 2020-12-30 | 2021-05-25 | 中国人民解放军战略支援部队信息工程大学 | Software running environment generation method and system based on mimicry defense theory |
| CN112905998A (en) * | 2021-02-26 | 2021-06-04 | 中国人民解放军国防科技大学 | Address-oriented attack protection method and device based on code segment random switching |
-
2022
- 2022-07-13 CN CN202210820600.7A patent/CN115309402B/en active Active
Patent Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20050196349A1 (en) * | 2003-09-22 | 2005-09-08 | Dianqing Wu | Compositions and methods for bone formation and remodeling |
| CN101441569A (en) * | 2008-11-24 | 2009-05-27 | 中国人民解放军信息工程大学 | Novel service flow-oriented compiling method based on heterogeneous reconfigurable architecture |
| CN104035781A (en) * | 2014-06-27 | 2014-09-10 | 北京航空航天大学 | Method for quickly developing heterogeneous parallel program |
| US20170242672A1 (en) * | 2016-02-18 | 2017-08-24 | International Business Machines Corporation | Heterogeneous computer system optimization |
| WO2020227541A1 (en) * | 2019-05-07 | 2020-11-12 | Brightspec, Inc. | Highly selective chromatography-molecular rotational resonance spectroscopy systems and methods |
| CN112148570A (en) * | 2019-06-27 | 2020-12-29 | 英特尔公司 | Method and apparatus for improving runtime performance of software executing on heterogeneous systems |
| CN111459832A (en) * | 2020-04-13 | 2020-07-28 | 郑州昂视信息科技有限公司 | Heterogeneous compilation algorithm feasibility evaluation method and system |
| CN112839036A (en) * | 2020-12-30 | 2021-05-25 | 中国人民解放军战略支援部队信息工程大学 | Software running environment generation method and system based on mimicry defense theory |
| CN112905998A (en) * | 2021-02-26 | 2021-06-04 | 中国人民解放军国防科技大学 | Address-oriented attack protection method and device based on code segment random switching |
Non-Patent Citations (2)
| Title |
|---|
| O. KAYIRAN 等: "Managing GPU Concurrency in Heterogeneous Architectures", 《2014 47TH ANNUAL IEEE/ACM INTERNATIONAL SYMPOSIUM ON MICROARCHITECTURE》, pages 114 - 126 * |
| 郑晓薇 等: "异构平台下的并行程序性能可视化方法", 《计算机工程与设计》, vol. 31, no. 04, pages 872 - 875 * |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116150455A (en) * | 2023-04-17 | 2023-05-23 | 华能信息技术有限公司 | Heterogeneous data analysis method |
Also Published As
| Publication number | Publication date |
|---|---|
| CN115309402B (en) | 2023-10-24 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Alam et al. | A framework for metamorphic malware analysis and real-time detection | |
| Avancini et al. | Towards security testing with taint analysis and genetic algorithms | |
| CN110276198B (en) | Embedded variable granularity control flow verification method and system based on probability prediction | |
| Kotenko et al. | The CAPEC based generator of attack scenarios for network security evaluation | |
| Cristalli et al. | Trusted execution path for protecting java applications against deserialization of untrusted data | |
| CN115309402A (en) | Method and device for forming heterogeneous execution sequence set capable of quantifying differences | |
| Noller et al. | Qfuzz: Quantitative fuzzing for side channels | |
| Holder et al. | Evaluating optimal phase ordering in obfuscation executives | |
| Ma et al. | Control flow obfuscation using neural network to fight concolic testing | |
| Salls et al. | Exploring abstraction functions in fuzzing | |
| Maynard et al. | Modelling Duqu 2.0 Malware using Attack Trees with Sequential Conjunction. | |
| Baiardi et al. | Application Vulnerabilities in Risk Assessment and Management. | |
| Smolka et al. | Fuzz on the Beach: Fuzzing Solana Smart Contracts | |
| Huo et al. | LAPE: A Lightweight Attestation of Program Execution Scheme for Bare-Metal Systems | |
| Yujia et al. | A new compile-time obfuscation scheme for software protection | |
| Antoniol | Keynote paper: Search based software testing for software security: Breaking code to make it safer | |
| Hatas et al. | Efficient Evolutionary Fuzzing for Android Application Installation Process | |
| CN113901479A (en) | Security assessment framework and method for transient execution attack dynamic attack link | |
| Kwon et al. | OCTOPOCS: automatic verification of propagated vulnerable code using reformed proofs of concept | |
| Oo et al. | Analyzing the effect of moving target defense for a Web system | |
| Fan et al. | Obfuscated malicious code detection with path condition analysis | |
| Sha et al. | Model of execution trace obfuscation between threads | |
| Adhikari et al. | Argon: A toolbase for evaluating software protection techniques against symbolic execution attacks | |
| Luo et al. | Reverse Engineering of Obfuscated Lua Bytecode via Interpreter Semantics Testing | |
| Park et al. | Two‐stage tamper response in tamper‐resistant software |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |