Unknown Anti-Serialization Vulnerability Detection System Based On Intrusion Behavior

In recent years,along with the rapid development of the Internet,social,shopping,finance and other industries had begun to embrace the Internet,followed by a large number of Web applications.Limited by the developer level,security vulnerabilities in the Web applications were endless to make the user privacy and data security suffered a serious threat.In many Web vulnerabilities,the anti-serialization vulnerability had become one of the most threatening vulnerabilities in Web applications due to the low exploit conditions,the high access rights after attack,and the wide range of impact.How to detect the unknown anti-serialization vulnerability quickly and effectively,for the protection of Internet security was of great significance.In order to solve the problem that traditional static analysis and dynamic analysis could not detect unknown deserialization vulnerabilities effectively,this paper combined the host intrusion detection and Web application dynamic monitoring to construct a complete vulnerability attack behavior chain,which detected the Web application Unknown deserialization vulnerability systematically.In this paper,host monitoring was taken as the starting point to monitor the attacker's behavior after the intrusion of the host through the serialization vulnerability,and the abnormal behavior of the host was associated with the Web application.Through hooking the PHP underlying function in Web applications,accessed to the PHP function call chain,and established call-chains of deserialization vulnerabilities from the input point to the exploit point.Finally,a complete anti-serialized vulnerability attack chain was established from the vulnerability trigger to the host attack,and the intrusion behavior of the deserialization vulnerability was detected.This paper designs an intrusion detection system consisting of the host monitoring plugin and the hook extension of the Web application,and tested the seven deserialized vulnerabilities.In the absence of prior knowledge,it can accurately detect the all anti-serialization loopholes and timely Effective warning,while it restored and demonstrates the vulnerability details and intrusion behavior to users,with good performance.Experiments showed that the unknown deserialization vulnerability detection system based on intrusion was quasi-efficient and timely for unknown deserialization vulnerabilities.