Automatic detection method of software upgrade  vulnerability based on network traffic analysis

TENG Jinhui, GUANG Yan, SHU Hui, ZHANG Bing

doi:10.11959/j.issn.2096-109x.2020004

网络与信息安全学报 (Feb 2020)

Automatic detection method of software upgrade vulnerability based on network traffic analysis

TENG Jinhui, GUANG Yan, SHU Hui, ZHANG Bing

Affiliations

TENG Jinhui, GUANG Yan, SHU Hui, ZHANG Bing: Strategic Support Force Information Engineering University, Zhengzhou 450001, China

DOI: https://doi.org/10.11959/j.issn.2096-109x.2020004
Journal volume & issue: Vol. 6, no. 1
pp. 94 – 108

Abstract

Read online

During the software upgrade process, the lack of authentication for upgrade information or packages can lead to remote code execution vulnerabilities based on man-in-the-middle attack. An automatic detection method for upgrading vulnerabilities was proposed. The method described the upgrade mechanism by extracting the network traffic during the upgrade process, then matched it with the vulnerability feature vector to anticipate upgrading vulnerabilities. In a validation environment, the man-in-the-middle attack using the portrait information was carried out to verify the detection results. In addition, an automatic vulnerability analysis and verification system based on this method was designed. 184 Windows applications samples was test and 117 upgrade vulnerabilities were detected in these samples, which proved validity of the method.

Published in 网络与信息安全学报

ISSN: 2096-109X (Print)
Publisher: POSTS&TELECOM PRESS Co., LTD
Country of publisher: China
LCC subjects: Science: Mathematics: Instruments and machines: Electronic computers. Computer science
Website: http://www.infocomm-journal.com/cjnis/CN/2096-109X/home.shtml

About the journal

Abstract

Keywords