CN116738441A - Binary software component analysis method based on component signature - Google Patents

Publication number
CN116738441A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310718338.XA
Other languages
Chinese (zh)
Inventor
程瑞
闵海钊
张帅兵
谢洪道
关宇
林颖峰
史本鹏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Machine Expo Ningbo Automotive Technology Co ltd
Original Assignee
China Machine Expo Ningbo Automotive Technology Co ltd
Application filed by China Machine Expo Ningbo Automotive Technology Co ltd
Priority to CN202310718338.XA
Publication of CN116738441A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03 Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/033 Test or assess software
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00 Energy efficient computing, e.g. low power processors, power management or thermal management

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Stored Programmes (AREA)

Abstract

The application relates to the field of cyberspace security and discloses a binary software component analysis method based on component signatures. The method comprises: obtaining the binary software to be identified; matching the binary software to be identified against a component signature library and adding the matched components to a used component set; obtaining, from the component signature library, the version signature set corresponding to the used component set; matching the binary software to be identified against the version signature set to obtain component version numbers; and matching software vulnerabilities according to the component version numbers and the used component set. The application introduces a minimum hit count into the component signature scheme, which effectively reduces the false positive rate; it automates the whole process of generating and matching component signatures, which reduces labor cost; and it can handle software that contains several components and accurately extract the version numbers of those components.

Description

Binary software component analysis method based on component signature
Technical Field
The application relates to the field of cyberspace security, in particular to a binary software component analysis method based on component signature.
Background
Existing technical schemes mainly have the following problems. Most existing schemes require component signatures to be maintained manually, which carries a high labor cost. Most existing schemes have imperfect component signature matching mechanisms, so serious false negatives and false positives occur. Most existing schemes have imperfect component version signature matching mechanisms, so component version numbers are frequently obtained incorrectly. The component version signature matching mechanisms of existing schemes can also produce errors when the software contains multiple components. These problems limit the application of binary software component analysis in practical production.
Manual maintenance of component signatures is costly, and false negatives and false positives seriously affect the quality of the software component analysis result and of subsequent work based on it. To solve these problems, the application designs a new automatic scheme for generating component signatures and component version signatures, a new component signature matching scheme, and a new component version signature matching scheme.
Disclosure of Invention
The present application aims to overcome one or more of the above-mentioned existing technical problems, and provides a binary software component analysis method based on component signature.
In order to achieve the above object, the present application provides a binary software component analysis method based on component signature, including:
acquiring binary software to be identified;
matching the binary software to be identified based on the component signature library, and adding the matched components into a used component set;
acquiring a version signature set corresponding to the used component set based on the component signature library;
matching the binary software to be identified based on the version signature set to obtain a component version number;
and matching software vulnerabilities according to the component version number and the used component set.
According to one aspect of the application, the method for establishing the component signature library comprises the following steps:
initializing the component signature library as an empty set, and presetting the minimum hit number as N;
traversing an open source software library to obtain binaries of different versions of the same component, yielding a component set;
extracting all character strings from the component binaries in the component set to obtain a character string set;
and taking the intersection of the character string set and the component signature library, and outputting the component signature library if the number of elements in the intersection is greater than or equal to N.
According to one aspect of the application, the method for establishing the component signature library further comprises:
and selecting a character string from the character string set, and adding the character string to the component signature library, so that the number of elements of the intersection of the character string set and the component signature library is greater than or equal to N.
According to one aspect of the application, the binary software to be identified is preprocessed to obtain a binary code space. The binary code space comprises the code of the components integrated by the binary software, and the code of each component is contiguous. The component signature library is matched against the binary software to be identified: if the number of elements in the intersection of the character strings in the component signature library and the character strings in the binary code space is greater than N, the component is considered matched and is added to the used component set.
According to one aspect of the application, the method for establishing the version signature set comprises the following steps:
traversing an open source software library to obtain binaries of different versions of the same component, yielding a component set;
extracting all character strings from the component binaries in the component set to obtain a character string set;
screening character strings containing version numbers in the character string set to obtain a version mark set;
and obtaining the version signature set based on the version mark set.
According to one aspect of the application, the method of establishing the version signature set further comprises:
initializing the version signature set as an empty set;
screening character strings containing version numbers from the character string set, and adding the character strings into the version signature set;
traversing the version mark set; if the version signature exists in the version signature set, the version signature set is complete; if the version signature can be matched with the current version mark set, generating a version signature for the current version mark and adding it to the version signature set.
According to one aspect of the application, the version signature set and the version mark set are completed using regular expressions; the version marks in the version mark set comprise identifiers and version numbers, and the version signatures in the version signature set are regular expressions.
To achieve the above object, the present application provides a binary software component analysis system based on component signature, comprising:
binary software acquisition module: acquiring binary software to be identified;
used component set generation module: matching the binary software to be identified based on the component signature library, and adding the matched components into a used component set;
version signature set acquisition module: acquiring a version signature set corresponding to the used component set based on the component signature library;
component version number acquisition module: matching the binary software to be identified based on the version signature set to obtain a component version number;
software vulnerability matching module: matching software vulnerabilities according to the component version number and the used component set.
To achieve the above object, the present application provides an electronic device including a processor, a memory, and a computer program stored in the memory and executable on the processor, the computer program implementing the above-mentioned binary software component analysis method based on component signature when executed by the processor.
To achieve the above object, the present application provides a computer readable storage medium having a computer program stored thereon, which when executed by a processor, implements the above-described binary software component analysis method based on component signature.
Based on the above, the application has the beneficial effects that:
1. a minimum hit count is introduced into the component signature scheme, which effectively reduces the false positive rate;
2. the whole process of generating and matching component signatures is automated, which reduces labor cost;
3. the component version signature scheme can handle software that contains multiple components and can accurately extract the version numbers of the components.
Drawings
FIG. 1 is a flow chart of a binary software component analysis method based on component signatures of the present application;
FIG. 2 is a binary software code space diagram of a binary software component analysis method based on component signatures of the present application;
FIG. 3 is a flow chart of a binary software component analysis system based on component signatures of the present application.
Detailed Description
The present disclosure will now be discussed with reference to exemplary embodiments, it being understood that the embodiments discussed are merely for the purpose of enabling those of ordinary skill in the art to better understand and thus practice the present disclosure and do not imply any limitation to the scope of the present disclosure.
As used herein, the term "comprising" and variants thereof are to be interpreted as open-ended terms meaning "including but not limited to". The terms "based on" and "based at least in part on" are to be construed as "at least one embodiment".
FIG. 1 is a flow chart of a binary software component analysis method based on component signature according to an embodiment of the present application. As shown in FIG. 1, the method includes:
acquiring binary software to be identified;
matching the binary software to be identified based on the component signature library, and adding the matched components into a used component set;
acquiring a version signature set corresponding to the used component set based on the component signature library;
matching the binary software to be identified based on the version signature set to obtain a component version number;
and matching software vulnerabilities according to the component version number and the used component set.
According to one embodiment of the application, the method for establishing the component signature library comprises the following steps:
initializing the component signature library as an empty set, and presetting the minimum hit number as N;
traversing an open source software library to obtain binaries of different versions of the same component, yielding a component set;
extracting all character strings from the component binaries in the component set to obtain a character string set;
and taking the intersection of the character string set and the component signature library, and outputting the component signature library if the number of elements in the intersection is greater than or equal to N.
According to one embodiment of the present application, the method for creating the component signature library further comprises:
and selecting a character string from the character string set, and adding the character string to the component signature library, so that the number of elements of the intersection of the character string set and the component signature library is greater than or equal to N.
According to one embodiment of the present application, as shown in FIG. 2, the binary software to be identified is preprocessed to obtain a binary code space. The binary code space includes the code of the components integrated by the binary software, and the code of each component is contiguous. The component signature library is matched against the binary software to be identified: if the number of elements in the intersection of the character strings in the component signature library and the character strings in the binary code space is greater than N, the component is considered matched and is added to the used component set.
According to one embodiment of the application, the method for establishing the version signature set comprises the following steps:
traversing an open source software library to obtain binaries of different versions of the same component, yielding a component set;
extracting all character strings from the component binaries in the component set to obtain a character string set;
screening character strings containing version numbers in the character string set to obtain a version mark set;
and obtaining the version signature set based on the version mark set.
According to one embodiment of the present application, the method for establishing the version signature set further comprises:
initializing the version signature set as an empty set;
screening character strings containing version numbers from the character string set, and adding the character strings into the version signature set;
traversing the version mark set; if the version signature exists in the version signature set, the version signature set is complete; if the version signature can be matched with the current version mark set, generating a version signature for the current version mark and adding it to the version signature set.
According to one embodiment of the application, the version signature set and the version mark set are completed using regular expressions; the version marks in the version mark set comprise identifiers and version numbers, and the version signatures in the version signature set are regular expressions.
According to one embodiment of the application, there are many open source libraries on the internet, each providing a specific set of functions. Software developers and individual developers integrate open source libraries into their software according to actual functional needs, which reduces development cost. In the present application, an open source library is referred to as a component. Vulnerabilities are security defects in software and component code; an attacker can trigger a vulnerability by constructing special inputs and environments in order to carry out malicious behavior. The goal of software component analysis is to identify the components integrated by the software and the version numbers of those components. Software that integrates a vulnerable component may itself be vulnerable, so the ultimate goal of software component analysis is to check whether the software integrates vulnerable components. Binary software component analysis is a special software component analysis technique. Its applicable scenario is that only the compiled product of the software is available (ELF files on UNIX systems, PE files on Windows systems) and the source code of the software cannot be obtained. A component signature is a feature of a component that can be used during software component analysis to determine whether the software contains that component. There are many kinds of component signatures, and the performance of different component signatures varies.
The component version signature is also a feature of a component. It differs from the component signature in its applicable scenario: the component signature is used to judge whether a certain component is contained in the software, while the component version signature is used, once the software is known to contain a certain component, to go on to determine the version number of that component. There are many kinds of component version signatures, and different component version signatures have different capabilities. An ELF file is a common binary file format, which is a portable shared library format that can run on multiple platforms. It is a compressed shared library that can use the same code on different platforms. An ELF file typically contains one or more executable files that can run on different platforms. PE files are a portable executable file format, which is a file format used by Windows operating systems. The application refers to ELF files and PE files as binary software.
According to one embodiment of the application, the application includes a component signature generation scheme, a component signature matching scheme, and a component version signature matching scheme. The component signature generation scheme generates a component signature and a component version signature for a component; the component signature matching scheme judges, based on the component signature, whether the software integrates a certain component; and the component version signature matching scheme obtains, based on the component version signature, the version number of a component integrated by the software.
According to one embodiment of the application, an appropriate string is selected from the character string set, and an appropriate string must meet all of the following requirements:
the string should contain the component name, ignoring case; for example, if the component name is zip and the string is LIBZIP2.3, the string is considered to contain the component name when case is ignored;
ignoring case, the string should not be equal to the component name; for example, the component name is ZIP and the string is equal to the component name;
the string should not start with /var, because the var directory holds state information of a running Linux system, and such a string is not suitable as a signature;
the string should not be the path of a source code file, such as /home/linux/src 1.C;
and the string should not contain version number information, such as libzip1.3.2, which includes the version number 1.3.2.
According to one embodiment of the application, a version mark should contain two parts, an identifier and a version number. In openssl2.1.1, for example, the first part is the identifier and the second part is the version number. A version signature is a regular expression; for example, with OpenSSL (\d +) as the version signature, OpenSSL2.1.1 can be matched and the version number 2.1.1 successfully extracted.
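The signature generation, minimum-hit matching and version extraction steps described above, as an added Python example that is not part of the patent text. The sample strings and blobs are constructed, and N = 3, the version-number pattern and the source-path heuristic are assumptions. Two readings are this example's own: a version signature is generated only when no existing one matches the current version mark, and matching uses at least N hits (the bound that generation guarantees) rather than the "greater than N" stated for the matching step.

```python
import re

MIN_HITS = 3                                             # N, example value
VERSION_RE = re.compile(r"\d+(?:\.\d+)+")                # assumed version shape: 1.3.2
SOURCE_PATH_RE = re.compile(r"/.*\.(?:c|cc|cpp|h|hpp)")  # heuristic: source file path


def extract_strings(blob, min_len=4):
    """Printable ASCII runs in a binary, like the `strings` utility."""
    return {m.decode("ascii") for m in re.findall(rb"[\x20-\x7e]{%d,}" % min_len, blob)}


def is_suitable(s, component):
    """Selection rules the description gives for a component signature string."""
    low, name = s.lower(), component.lower()
    return (name in low                             # contains the component name
            and low != name                         # is not only the name
            and not s.startswith("/var")            # no runtime-state paths
            and not SOURCE_PATH_RE.fullmatch(low)   # no source file paths
            and not VERSION_RE.search(s))           # no version number


def build_signature_library(versions, component, n=MIN_HITS):
    """Grow the library until every known version hits at least n signatures."""
    library = set()
    for _, blob in sorted(versions.items()):
        strings = extract_strings(blob)
        candidates = sorted(s for s in strings - library if is_suitable(s, component))
        while len(strings & library) < n and candidates:
            library.add(candidates.pop(0))
    return library


def count_hits(target_strings, library):
    return len(target_strings & library)


def build_version_signatures(versions, component):
    """Turn version marks (identifier + version number) into regex signatures."""
    signatures = []
    for _, blob in sorted(versions.items()):
        for mark in sorted(extract_strings(blob)):
            m = VERSION_RE.search(mark)
            if not m or component.lower() not in mark[:m.start()].lower():
                continue                            # not a version mark of this component
            if any(sig.search(mark) for sig in signatures):
                continue                            # an existing signature already covers it
            signatures.append(re.compile(re.escape(mark[:m.start()]) + r"(\d+(?:\.\d+)+)"))
    return signatures


def extract_version(target_strings, signatures):
    for s in sorted(target_strings):
        for sig in signatures:
            m = sig.search(s)
            if m:
                return m.group(1)
    return None


def analyze(target, db, n=MIN_HITS):
    """Return {component: version} for every component whose signatures reach n hits."""
    strings, used = extract_strings(target), {}
    for component, versions in db.items():
        library = build_signature_library(versions, component, n)
        if count_hits(strings, library) >= n:
            sigs = build_version_signatures(versions, component)
            used[component] = extract_version(strings, sigs)
    return used


def blob(*strings):
    """Constructed stand-in for a binary: strings separated by non-printable bytes."""
    return b"\x00\x01".join(s.encode("ascii") for s in strings) + b"\x00"


# Constructed sample data, not taken from real builds of these libraries.
LIBZIP_COMMON = ("libzip: cannot open archive", "libzip: checksum mismatch")
LIBZIP_1_5_0 = ("libzip1.5.0", *LIBZIP_COMMON, "libzip: unsupported compression method")
OPENSSL_2_1_1 = ("OpenSSL2.1.1", "openssl: handshake failure",
                 "openssl: certificate verify failed", "openssl: unknown cipher")
DB = {
    "libzip": {
        "1.3.2": blob("libzip1.3.2", *LIBZIP_COMMON, "libzip: invalid central directory",
                      "/var/run/libzip.lock", "/home/build/libzip/zip_open.c"),
        "1.5.0": blob(*LIBZIP_1_5_0),
    },
    "openssl": {"2.1.1": blob(*OPENSSL_2_1_1)},
    "libpng": {"1.6.0": blob("libpng1.6.0", "libpng: bad chunk", "libpng: CRC error",
                             "libpng: out of memory")},
}
TARGET = blob("myapp4.0.2", *LIBZIP_1_5_0, *OPENSSL_2_1_1, "libpng: out of memory")

if __name__ == "__main__":
    print(analyze(TARGET, DB))
```

In the constructed target, libzip 1.5.0 reaches exactly N hits, so a strict "greater than N" test would miss it, while the single stray libpng string stays below the threshold and the unrelated myapp4.0.2 string is never taken as a component version.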
Furthermore, in order to achieve the above object, the present application also provides a binary software component analysis system based on component signature. FIG. 3 is a schematic structural diagram of this system. As shown in FIG. 3, the system includes the binary software acquisition module, the used component set generation module, the version signature set acquisition module, the component version number acquisition module and the software vulnerability matching module described above.
In order to achieve the above object, the present application also provides an electronic device including a processor, a memory, and a computer program stored in the memory and executable on the processor, wherein the computer program, when executed by the processor, implements the binary software component analysis method based on component signature described above.
To achieve the above object, the present application further provides a computer readable storage medium having a computer program stored thereon, which when executed by a processor, implements a binary software component analysis method based on component signatures as described above.
Based on the above, the application has the following beneficial effects: a minimum hit count is introduced into the component signature scheme, which effectively reduces the false positive rate; the whole process of generating and matching component signatures is automated, which reduces labor cost; and the component version signature scheme can handle software that contains multiple components and can accurately extract the version numbers of the components.
Those of ordinary skill in the art will appreciate that the modules and algorithm steps described in connection with the embodiments disclosed herein can be implemented as electronic hardware, or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
It will be clearly understood by those skilled in the art that, for convenience and brevity of description, specific working procedures of the apparatus and device described above may refer to corresponding procedures in the foregoing method embodiments, which are not described herein again.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other manners. For example, the apparatus embodiments described above are merely illustrative, and for example, the division of the modules is merely a logical function division, and there may be additional divisions when actually implemented, for example, multiple modules or components may be combined or integrated into another system, or some features may be omitted or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be an indirect coupling or communication connection via some interfaces, devices or modules, which may be in electrical, mechanical, or other forms.
The modules described as separate components may or may not be physically separate, and components shown as modules may or may not be physical modules, i.e., may be located in one place, or may be distributed over a plurality of network modules. Some or all of the modules can be selected according to actual needs to achieve the purpose of the embodiment of the application.
In addition, each functional module in the embodiment of the present application may be integrated in one processing module, or each module may exist alone physically, or two or more modules may be integrated in one module.
The functions, if implemented in the form of software functional modules and sold or used as a stand-alone product, may be stored in a computer-readable storage medium. Based on such understanding, the technical solution of the present application, in essence, or the part of it contributing to the prior art, or a part of the technical solution, may be embodied in the form of a software product stored in a storage medium, comprising several instructions for causing a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or part of the steps of the method for energy saving signal transmission/reception of the various embodiments of the present application. The aforementioned storage medium includes: a USB disk, a removable hard disk, a ROM, a RAM, a magnetic disk, or an optical disk, etc.
The above description is only illustrative of the preferred embodiments of the present application and of the principles of the technology employed. It will be appreciated by persons skilled in the art that the scope of the application referred to in the present application is not limited to the specific combinations of the technical features described above, but also covers other technical solutions formed by any combination of the technical features described above or their equivalents without departing from the inventive concept. One example is a technical solution formed by interchanging the above-mentioned features with technical features of similar function disclosed in, but not limited to, the present application.
It should be understood that, the sequence numbers of the steps in the summary and the embodiments of the present application do not necessarily mean the order of execution, and the execution order of the processes should be determined by the functions and the internal logic, and should not be construed as limiting the implementation process of the embodiments of the present application.

Claims (10)

1. A binary software component analysis method based on component signatures, comprising:
acquiring binary software to be identified;
matching the binary software to be identified against the component signature library, and adding the matched components to a used component set;
acquiring a version signature set corresponding to the used component set based on the component signature library;
matching the binary software to be identified against the version signature set to obtain a component version number;
and matching software vulnerabilities according to the component version number and the used component set.
2. The component signature-based binary software component analysis method according to claim 1, wherein the method for creating the component signature library is:
initializing the component signature library as an empty set, and presetting the minimum hit number as N;
traversing an open source software library to obtain binaries of different versions of the same component, thereby obtaining a component set;
extracting all character strings from the component binaries in the component set to obtain a character string set;
and taking an intersection set of the character string set and the component signature library, and outputting the component signature library if the number of intersection result elements is greater than or equal to N.
3. The component signature based binary software component analysis method of claim 2, wherein the method of creating the component signature library further comprises:
and selecting a character string from the character string set, and adding the character string to the component signature library, so that the number of elements of the intersection of the character string set and the component signature library is greater than or equal to N.
4. The component signature-based binary software component analysis method according to claim 3, wherein the binary software to be identified is preprocessed to obtain a binary code space, the binary code space includes the codes of the components integrated by the binary software, and the code of each component is contiguous; the binary software to be identified is matched against the component signature library, and if the number of elements in the intersection of the character strings in the component signature library and the character strings in the binary code space is greater than N, the component is considered matched and is added to the used component set.
5. The component signature-based binary software component analysis method of claim 4, wherein the method of creating the version signature set is:
traversing an open source software library to obtain binaries of different versions of the same component, thereby obtaining a component set;
extracting all character strings from the component binaries in the component set to obtain a character string set;
screening character strings containing version numbers in the character string set to obtain a version mark set;
and obtaining the version signature set based on the version mark set.
6. The component signature based binary software composition analysis method of claim 5, wherein the method of creating the version signature set further comprises:
initializing the version signature set as an empty set;
screening character strings containing version numbers from the character string set, and adding the character strings into the version signature set;
traversing the version mark set, if the version signature exists in the version signature set, the version signature set is complete, if the version signature can be matched with the current version mark set, generating a version signature for the current version mark, and adding the version signature set.
7. The component signature-based binary software component analysis method of claim 6, wherein the version signature set and the version mark set are implemented with regular expressions, the version marks in the version mark set comprise identifiers and version numbers, and the version signatures in the version signature set are regular expressions.
8. A binary software component analysis system based on component signatures, comprising:
binary software acquisition module: acquiring binary software to be identified;
used component set generation module: matching the binary software to be identified against the component signature library, and adding the matched components to a used component set;
version signature set acquisition module: acquiring a version signature set corresponding to the used component set based on the component signature library;
component version number acquisition module: matching the binary software to be identified against the version signature set to obtain a component version number;
software vulnerability matching module: matching software vulnerabilities according to the component version number and the used component set.
9. An electronic device comprising a processor, a memory and a computer program stored on the memory and executable on the processor, the computer program implementing a component signature based binary software component analysis method as claimed in any one of claims 1 to 7 when executed by the processor.
10. A computer readable storage medium, wherein a computer program is stored on the computer readable storage medium, which when executed by a processor implements a binary software component analysis method based on component signatures as claimed in any one of claims 1 to 7.
CN202310718338.XA 2023-06-16 2023-06-16 Binary software component analysis method based on component signature Pending CN116738441A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310718338.XA CN116738441A (en) 2023-06-16 2023-06-16 Binary software component analysis method based on component signature

Publications (1)

Publication Number Publication Date
CN116738441A true CN116738441A (en) 2023-09-12

Family

ID=87905816

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310718338.XA Pending CN116738441A (en) 2023-06-16 2023-06-16 Binary software component analysis method based on component signature

Country Status (1)

Country Link
CN (1) CN116738441A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117972399A (en) * 2024-03-28 2024-05-03 北京安普诺信息技术有限公司 Feature extraction method, device, equipment and medium for binary SCA

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination