Jisuanji kexue (Dec 2022)

Reverse Location of Software Online Upgrade Function Based on Semantic Guidance

  • LYU Xiao-shao, SHU Hui, KANG Fei, HUANG Yu-yao

DOI
https://doi.org/10.11896/jsjkx.211000059
Journal volume & issue
Vol. 49, no. 12
pp. 353 – 361

Abstract

Hijacking of software online upgrades is one of the most common methods of network attack. Program analysis is an important method for evaluating the security of software upgrades quickly and automatically. Rapidly locating the upgrade functions in software through reverse analysis is a key premise for static analysis and for improving the efficiency of dynamic analysis. Traditional reverse location in program analysis relies on manual experience, following the cross-reference chains of semantic information such as strings and API functions; this is inefficient and cannot be automated. To solve this problem, this paper proposes a method for locating software upgrade functions based on semantic analysis and reverse analysis. First, an upgrade semantic classification model based on natural language processing is established for the common semantic information (strings, function names, API functions, etc.) in software binary programs. Second, the software's semantic information is extracted with a reverse analysis tool, and the upgrade semantic classification model is used to identify the upgrade-related semantic information. Finally, an algorithm is defined to solve for the key nodes of the upgrade function in the graph tree of function call relationships. This paper designs and implements a system for locating software online upgrade functions and carries out reverse location analysis on 153 commonly used software programs, 126 of which are successfully located. The security of some software upgrades is preliminarily evaluated through this location analysis, and one CNNVD vulnerability and five CNVD vulnerabilities are found.

Keywords