Automatic Analysis Technology of Kernel Vulnerability Attack Based on Finite State Machine

Abstract

Read online

Kernel vulnerability attack is a common attack way for operating systems,and the analysis of each attack stage is the key to defend against such attacks.Due to the complexity and variety of kernel vulnerability types,trigger paths,and exploit modes,it is difficult to analyze the attack process of kernel vulnerability.Moreover,the existing analysis work mainly focuses on forward program analysis methods such as taint analysis,and the efficiency is low.In order to improve the analysis efficiency,this thesis implements an automatic analysis technology of kernel vulnerability attack based on finite state machine.Firstly,the state transition diagram of kernel vulnerability attack is constructed as the key basis for analysis.Secondly,the idea of reverse analysis is introduced,and a reverse analysis model of kernel vulnerability attack process based on finite state machine is established,which can reduce the unnecessary analysis cost.Finally,based on the model,a reverse analysis method of kernel vulnerability attack is implemented,which can automatically and quickly analyze the kernel vulnerability attack process.By testing 10 attack samples,the results show that the reverse analysis method can accurately obtain the key code execution information,and compared with the traditional forward analysis method,the analysis efficiency is greatly improved.

Keywords

• kernel vulnerability|vulnerability exploit|privilege escalation attack|reverse analysis|vulnerability trigger point positioning