北京邮电大学学报

  • EI核心期刊

北京邮电大学学报 ›› 2019, Vol. 42 ›› Issue (5): 91-99.doi: 10.13190/j.jbupt.2018-212

• 论文 • 上一篇    下一篇

基于D-S证据理论的嵌入式固件Web代码静态漏洞检测技术

王思琪1,2, 缪思薇3, 张小玲1,2, 石志强1,2, 卢新岱4   

  1. 1. 中国科学院 信息工程研究所, 北京 100093;
    2. 中国科学院大学 网络空间安全学院, 北京 100049;
    3. 中国电力科学研究院有限公司, 北京 100192;
    4. 国网浙江省电力有限公司 电力科学研究院, 杭州 310014
  • 收稿日期:2018-11-10 出版日期:2019-10-28 发布日期:2019-10-28
  • 通讯作者: 石志强(1970-),男,正研级高工,博士生导师,E-mail:shizhiqiang@iie.ac.cn. E-mail:shizhiqiang@iie.ac.cn
  • 作者简介:王思琪(1992-),女,硕士生.
  • 基金资助:
    国家电网有限公司总部科技项目(52110418001K)

Static Vulnerability Detection Technology for the Embedded Firmware Web Code Based on D-S Evidence Theory

WANG Si-qi1,2, MIAO Si-wei3, ZHANG Xiao-ling1,2, SHI Zhi-qiang1,2, LU Xin-dai4   

  1. 1. Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China;
    2. School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China;
    3. China Electric Power Research Institute, Beijing 100192, China;
    4. State Grid Zhejiang Electric Power Research Institute, Hangzhou 310014, China
  • Received:2018-11-10 Online:2019-10-28 Published:2019-10-28

摘要: 固件的漏洞挖掘和检测主要包含基于虚拟仿真的动态漏洞挖掘与检测技术和基于逆向工程的静态白盒审计技术等,其存在仿真率低或误报率高等问题,为此,提出了一种基于多维度特征的固件Web漏洞检测方法,利用多维度特征、多层级处理技术和基于D-S证据理论的漏洞推理规则,针对固件Web中常见的各类漏洞进行有效检测,并能降低漏洞检测误报率.

关键词: 固件web, 静态分析, 漏洞检测, 多维度特征, D-S证据理论

Abstract: Currently, vulnerabilities mining and detection for firmware mainly include dynamic analysis which based on virtual simulation and static auditing which based on reverse engineering. These techniques may have low simulation rate and high false positive rate. Proposing a method based on multi-dimensional features for detection of firmware web vulnerabilities. This method can detect common Web vulnerabilities in firmware effectively and lower the false positive rate by using multi-dimensional features, multi-level preprocessing and vulnerabilities reasoning models based on D-S evidence theory.

Key words: firmware web, static analysis, vulnerability detection, multi-dimensional feature, D-S evidence theory

中图分类号: