WEKO3
アイテム
Generation of IDS Signatures through Exhaustive Execution Path Exploration in PoC Codes for Vulnerabilities
https://ipsj.ixsq.nii.ac.jp/records/227711
https://ipsj.ixsq.nii.ac.jp/records/22771134465205-dfb7-49c6-857c-e34bba20df6d
| 名前 / ファイル | ライセンス | アクション |
|---|---|---|
IPSJ-JNL6409016.pdf (1.3 MB)
2025年9月15日からダウンロード可能です。
|
Copyright (c) 2023 by the Information Processing Society of Japan
|
|
| 非会員:¥0, IPSJ:学会員:¥0, 論文誌:会員:¥0, DLIB:会員:¥0 | ||
| Item type | Journal(1) | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 公開日 | 2023-09-15 | |||||||||||||
| タイトル | ||||||||||||||
| タイトル | Generation of IDS Signatures through Exhaustive Execution Path Exploration in PoC Codes for Vulnerabilities | |||||||||||||
| タイトル | ||||||||||||||
| 言語 | en | |||||||||||||
| タイトル | Generation of IDS Signatures through Exhaustive Execution Path Exploration in PoC Codes for Vulnerabilities | |||||||||||||
| 言語 | ||||||||||||||
| 言語 | eng | |||||||||||||
| キーワード | ||||||||||||||
| 主題Scheme | Other | |||||||||||||
| 主題 | [特集:サイバー空間を安全にするコンピュータセキュリティ技術] Network Security, Intrusion Detection Systems, Metasploit | |||||||||||||
| 資源タイプ | ||||||||||||||
| 資源タイプ識別子 | http://purl.org/coar/resource_type/c_6501 | |||||||||||||
| 資源タイプ | journal article | |||||||||||||
| 著者所属 | ||||||||||||||
| Graduate School of Infomatics, Kyoto University/Presently with NTT Network Service Systems Laboratories | ||||||||||||||
| 著者所属 | ||||||||||||||
| NTT Social Informatics Laboratories | ||||||||||||||
| 著者所属 | ||||||||||||||
| Academic Center for Computing and Media Studies, Kyoto University | ||||||||||||||
| 著者所属 | ||||||||||||||
| Academic Center for Computing and Media Studies, Kyoto University | ||||||||||||||
| 著者所属(英) | ||||||||||||||
| en | ||||||||||||||
| Graduate School of Infomatics, Kyoto University / Presently with NTT Network Service Systems Laboratories | ||||||||||||||
| 著者所属(英) | ||||||||||||||
| en | ||||||||||||||
| NTT Social Informatics Laboratories | ||||||||||||||
| 著者所属(英) | ||||||||||||||
| en | ||||||||||||||
| Academic Center for Computing and Media Studies, Kyoto University | ||||||||||||||
| 著者所属(英) | ||||||||||||||
| en | ||||||||||||||
| Academic Center for Computing and Media Studies, Kyoto University | ||||||||||||||
| 著者名 |
Masaki, Kobayashi
× Masaki, Kobayashi
× Yo, Kanemoto
× Daisuke, Kotani
× Yasuo, Okabe
|
|||||||||||||
| 著者名(英) |
Masaki, Kobayashi
× Masaki, Kobayashi
× Yo, Kanemoto
× Daisuke, Kotani
× Yasuo, Okabe
|
|||||||||||||
| 論文抄録 | ||||||||||||||
| 内容記述タイプ | Other | |||||||||||||
| 内容記述 | There have been many vulnerabilities, and we need prompt countermeasures. One factor that makes more rapid measures necessary is Proof of Concept (PoC) codes. Although they are released to promote vulnerability countermeasures, attackers can also abuse them. In this paper, we analyze PoC codes that send HTTP requests, then generate IDS signatures. To analyze codes, there are two policies: dynamic analysis and static analysis. However, the former cannot cover the execution paths, and the latter cannot analyze dynamically determined values. In addition, symbolic execution compensates for their shortcomings, but its implementation cost is high. We propose a signature generation method for PoC codes that send HTTP requests based on an analysis combining dynamic and static analysis. We first statically explore execution paths of the code by searching for the conditional branch syntax using the abstract syntax tree. Then, we rewrite the branch conditions to enforce the specific execution path and generate a new code corresponding to each path. Finally, we execute each code, generate the attack requests dynamically, and extract signatures. The average detection rate for the requests was 86.9%. Moreover, we tested the signatures for 30 codes by actually executing them, and for nine codes, we detected the attack. ------------------------------ This is a preprint of an article intended for publication Journal of Information Processing(JIP). This preprint should not be cited. This article should be cited as: Journal of Information Processing Vol.31(2023) (online) DOI http://dx.doi.org/10.2197/ipsjjip.31.591 ------------------------------ |
|||||||||||||
| 論文抄録(英) | ||||||||||||||
| 内容記述タイプ | Other | |||||||||||||
| 内容記述 | There have been many vulnerabilities, and we need prompt countermeasures. One factor that makes more rapid measures necessary is Proof of Concept (PoC) codes. Although they are released to promote vulnerability countermeasures, attackers can also abuse them. In this paper, we analyze PoC codes that send HTTP requests, then generate IDS signatures. To analyze codes, there are two policies: dynamic analysis and static analysis. However, the former cannot cover the execution paths, and the latter cannot analyze dynamically determined values. In addition, symbolic execution compensates for their shortcomings, but its implementation cost is high. We propose a signature generation method for PoC codes that send HTTP requests based on an analysis combining dynamic and static analysis. We first statically explore execution paths of the code by searching for the conditional branch syntax using the abstract syntax tree. Then, we rewrite the branch conditions to enforce the specific execution path and generate a new code corresponding to each path. Finally, we execute each code, generate the attack requests dynamically, and extract signatures. The average detection rate for the requests was 86.9%. Moreover, we tested the signatures for 30 codes by actually executing them, and for nine codes, we detected the attack. ------------------------------ This is a preprint of an article intended for publication Journal of Information Processing(JIP). This preprint should not be cited. This article should be cited as: Journal of Information Processing Vol.31(2023) (online) DOI http://dx.doi.org/10.2197/ipsjjip.31.591 ------------------------------ |
|||||||||||||
| 書誌レコードID | ||||||||||||||
| 収録物識別子タイプ | NCID | |||||||||||||
| 収録物識別子 | AN00116647 | |||||||||||||
| 書誌情報 |
情報処理学会論文誌 巻 64, 号 9, 発行日 2023-09-15 |
|||||||||||||
| ISSN | ||||||||||||||
| 収録物識別子タイプ | ISSN | |||||||||||||
| 収録物識別子 | 1882-7764 | |||||||||||||
| 公開者 | ||||||||||||||
| 言語 | ja | |||||||||||||
| 出版者 | 情報処理学会 | |||||||||||||
