Research On Automatic Vulnerability Detection Technology Of System Network Security

Posted on: 2021-05-09
Degree: Doctor
Type: Dissertation
Country: China
Candidate: Z R Wang
GTID: 1368330605981248
Subject: Computer Science and Technology
Abstract/Summary:
Software vulnerability analysis is one of the most frequently used techniques for detecting and discovering defects inside software, and it is a research hotspot in cyberspace security. The corresponding techniques have been applied to software design, coding, testing and release. With the rapid development of Artificial Intelligence (AI) techniques, automated software vulnerability discovery has become a new research hotspot. This thesis proposes a novel AI-based software vulnerability detection technique built on genetic algorithms, immune theory and combined kernel functions. The technique benefits automated vulnerability discovery and exploitation, risk assessment and penetration testing. We make the following contributions:

First, this work proposes an automated vulnerability discovery method consisting of two novel techniques, AFLPro and Anti-Driller. AFLPro is a direction-sensitive fuzzing method. It introduces a seed selection strategy that calculates a weight for each basic block from control-flow information, and then a seed energy scheduling strategy that strengthens the guidance given to seed mutation. Anti-Driller is proposed to mitigate the "path explosion" problem: it first generates a specific input by symbolic execution over the control flow graph, and then lets a mutation-based fuzzer search for vulnerabilities from that input while avoiding invalid mutations.

Second, this work proposes an automated vulnerability exploitation framework, AutoE, consisting of five exploitation techniques (IPOV, AutoJS, AutoROP, AutoBase64 and AutoXOR) and a scheduling technique, AutoS. AutoE automatically determines whether a discovered vulnerability is exploitable and then adaptively selects the proper exploitation technique. IPOV overwrites the saved return address so that it points to a shellcode; AutoROP uses the Return Oriented Programming attack technique; AutoJS combines shellcode injection with the "jmp esp" technique; AutoBase64 decodes a base64-encoded string and then overwrites the return address so that control passes to a shellcode that was delivered base64-encoded; AutoXOR does the same with an XOR-encoded string and an XOR-encoded shellcode. AutoS is an efficient genetic algorithm (GA)-based scheduling method that produces a schedule by optimizing a specific fitness function, which improves the efficiency of vulnerability detection.

Third, this work proposes an automated risk assessment method. Drawing on immune theory, it treats the running system as a whole and proposes a static system risk assessment model based on a fuzzy fractional-order ordinary differential equation. It uses a contraction operator to obtain a unique solution in the space of square-integrable functions and derives a second solution; it also uses a Taylor series to approximate the solution and estimate the error. Combined with the network attack detection process, the antibody concentration calculation method and the risk prediction process, the model quantifies the overall risk of the whole network and of individual hosts.

Fourth, this work proposes an automated penetration testing method. It consists of a PE header-based attack flow selection and classification method, PE-Classifier, and a combined kernel function-based fitness analysis method, CKF-AI. The technique first collects and classifies flow features, then calculates a fitness score, and finally selects the attack flow with the highest fitness score to perform penetration testing. Based on a large-scale statistical analysis of PE file samples, PE-Classifier introduces the notion of "metadata" that describes the features of malicious and benign code, and trains a classification model; to speed up training, it runs on a distributed platform and trains the classifier with a distributed random forest algorithm. CKF-AI combines a global kernel function and a local kernel function into a linear combination kernel that satisfies Mercer's theorem. By adjusting the weight coefficient of the linear combination, it achieves a better overall prediction effect in the support vector machine model. With the CKF-AI model, each attack flow sample is assigned a score, and the sample with the highest score is used to perform penetration testing.

Fifth, this work designs and implements a vulnerability detection system named Sapiens. It integrates the vulnerability discovery and exploitation, risk assessment and penetration testing techniques above, and helps users identify, evaluate and manage system security risk. We first introduce the management requirements, network scheme, automated detection framework, service logic and data specification, and then describe the system implementation.
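The first contribution describes AFLPro's seed selection and energy scheduling only in outline: basic blocks receive a weight derived from control-flow information, and seeds are given mutation energy according to that weight. The following added example (not code from the thesis or from AFLPro) illustrates one concrete way such a scheme can work, assuming a weighting by shortest forward distance to a target block and a constructed toy control flow graph with constructed seed traces; the weighting formula, the CFG and the seed names are illustrative assumptions, not the thesis's actual strategy.

```python
from collections import deque

# Constructed toy CFG (block -> successor blocks); assumed for illustration.
CFG = {
    "entry": ["parse_hdr", "reject"],
    "parse_hdr": ["parse_body", "reject"],
    "parse_body": ["copy_field", "done"],
    "copy_field": ["done"],
    "reject": [],
    "done": [],
}
# Block the fuzzer should be steered toward (assumed target of interest).
TARGETS = {"copy_field"}

# Constructed execution traces for four seeds (block sequences, assumed).
SEEDS = {
    "seed_a": ["entry", "reject"],
    "seed_b": ["entry", "parse_hdr", "reject"],
    "seed_c": ["entry", "parse_hdr", "parse_body", "done"],
    "seed_d": ["entry", "parse_hdr", "parse_body", "copy_field", "done"],
}


def block_weights(cfg, targets):
    """Assumed weighting: w(b) = 1 / (1 + d(b)), where d(b) is the shortest
    forward distance from block b to any target; blocks that cannot reach a
    target get weight 0. Computed by a reverse BFS from the targets."""
    preds = {b: [] for b in cfg}
    for b, succs in cfg.items():
        for s in succs:
            preds[s].append(b)
    dist = {t: 0 for t in targets}
    queue = deque(targets)
    while queue:
        b = queue.popleft()
        for p in preds[b]:
            if p not in dist:
                dist[p] = dist[b] + 1
                queue.append(p)
    return {b: (1.0 / (1 + dist[b]) if b in dist else 0.0) for b in cfg}


def seed_score(trace, weights):
    """Seed weight = sum of the weights of the distinct blocks it covered."""
    return sum(weights.get(b, 0.0) for b in set(trace))


def select_seed(seeds, weights):
    """Seed selection: prefer the seed whose path lies closest to the target."""
    return max(seeds, key=lambda name: seed_score(seeds[name], weights))


def schedule_energy(seeds, weights, base_energy=100, max_factor=8):
    """Energy scheduling: mutation budget proportional to the seed's score
    relative to the best seed, scaled up to max_factor * base_energy.
    Every seed keeps at least one mutation so no path is starved."""
    scores = {name: seed_score(trace, weights) for name, trace in seeds.items()}
    best = max(scores.values()) or 1.0
    return {
        name: max(1, round(base_energy * max_factor * score / best))
        for name, score in scores.items()
    }


if __name__ == "__main__":
    w = block_weights(CFG, TARGETS)
    print("block weights:", w)
    print("selected seed:", select_seed(SEEDS, w))
    print("energy:", schedule_energy(SEEDS, w))
```

With the constructed inputs, the seed whose trace already reaches the target block receives the full budget, while the seed that bails out at `reject` keeps only a small one; the point of the floor in `schedule_energy` is that a low-weight seed is still occasionally mutated, since the weights are heuristic and the CFG is static.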
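The fourth contribution states that CKF-AI builds a linear combination of a global and a local kernel that still satisfies Mercer's theorem, and that a weight coefficient tunes the mix. The following added example (not the thesis's code) shows why a convex combination of two valid kernels remains valid and how to check it on sample data: it takes a polynomial kernel as the global kernel and an RBF kernel as the local kernel (the thesis does not name its kernels; these are assumptions), forms lam * K_global + (1 - lam) * K_local, and verifies that the resulting Gram matrix on a constructed set of feature vectors is symmetric positive semidefinite, which is the finite-sample form of the Mercer condition.

```python
import math

# Constructed 2-D feature vectors standing in for attack-flow feature rows
# (values are made up for the example).
SAMPLES = [
    (0.0, 1.0),
    (1.0, 0.5),
    (2.0, 2.0),
    (0.5, 3.0),
    (3.0, 1.0),
]


def rbf_kernel(x, y, gamma=0.5):
    """Local kernel: only nearby samples influence each other."""
    d2 = sum((a - b) ** 2 for a, b in zip(x, y))
    return math.exp(-gamma * d2)


def poly_kernel(x, y, degree=2, coef0=1.0):
    """Global kernel: distant samples still contribute."""
    return (sum(a * b for a, b in zip(x, y)) + coef0) ** degree


def combined_kernel(x, y, lam):
    """lam * K_global + (1 - lam) * K_local.
    Non-negative combinations of Mercer kernels are Mercer kernels (PSD
    kernels form a convex cone), so the weight is restricted to [0, 1];
    a negative coefficient would void the guarantee."""
    if not 0.0 <= lam <= 1.0:
        raise ValueError("weight coefficient must lie in [0, 1]")
    return lam * poly_kernel(x, y) + (1.0 - lam) * rbf_kernel(x, y)


def gram_matrix(kernel, points):
    n = len(points)
    return [[kernel(points[i], points[j]) for j in range(n)] for i in range(n)]


def is_psd(matrix, tol=1e-9):
    """Finite-sample Mercer check: symmetric and positive semidefinite.
    Symmetric Gaussian elimination yields the pivots of an LDL^T factorisation;
    a pivot below -tol proves a negative direction. A near-zero pivot is
    accepted only if the rest of its column vanishes (rank deficiency)."""
    n = len(matrix)
    a = [row[:] for row in matrix]
    for i in range(n):
        for j in range(n):
            if abs(a[i][j] - a[j][i]) > tol:
                return False
    for k in range(n):
        pivot = a[k][k]
        if pivot < -tol:
            return False
        if pivot <= tol:
            if any(abs(a[i][k]) > tol for i in range(k + 1, n)):
                return False
            continue
        for i in range(k + 1, n):
            f = a[i][k] / pivot
            for j in range(k + 1, n):
                a[i][j] -= f * a[k][j]
    return True


def mercer_holds_for(lam, points=SAMPLES):
    """True if the combined kernel's Gram matrix on `points` is PSD."""
    return is_psd(gram_matrix(lambda x, y: combined_kernel(x, y, lam), points))


if __name__ == "__main__":
    for lam in (0.0, 0.3, 0.7, 1.0):
        print(f"lam={lam}: PSD={mercer_holds_for(lam)}")
    # A negated kernel is not a kernel: the check must reject it.
    print("-K_local PSD:", is_psd(gram_matrix(lambda x, y: -rbf_kernel(x, y), SAMPLES)))
```

The check is worth running whenever the weight coefficient is tuned automatically: an SVM solver fed a non-PSD Gram matrix does not fail loudly, it silently optimises a non-convex objective, so validating the combined kernel on the training set before fitting is the cheap safeguard.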
Keywords/Search Tags: automated detection technique, vulnerability discovery, vulnerability exploitation, risk assessment, penetration testing