
Application Research Of Symbol Execution Technology In Vulnerability Detection Of Unknown Protocol

Posted on: 2020-01-05
Degree: Master
Type: Thesis
Country: China
Candidate: C X Yang
GTID: 2428330572972269
Subject: Information security
Abstract/Summary:
An unknown protocol is a communication protocol whose format specification and related information are not publicly disclosed. For confidentiality reasons, more and more communication processes now develop and use unknown protocols to transmit data. However, the implementation and practical use of unknown protocols are subject to various security threats, and in real network environments most current network security devices detect and protect based on the packet formats of known protocols, so they are of little use in securing unknown protocols. Security research on unknown protocols therefore has great practical significance and research value. On this basis, the paper studies and proposes applying symbolic execution techniques to the vulnerability detection process for unknown protocols. By studying and analyzing the characteristics of unknown protocols and the requirements of vulnerability detection, the paper first addresses the problem of parsing the set of input message formats of an unknown protocol. It proposes an input message format parsing method based on dynamic symbolic execution, which effectively extracts content such as the input message format and the protocol field information structure of the unknown protocol. For the problem of analyzing the state machine of an unknown protocol, a state machine analysis method based on a protocol session path execution tree is proposed. The logical relationship between parent and child nodes in the tree structure is used to represent the transitions between protocol session states, which allows the protocol's state machine information to be analyzed and constructed. For the problem of generating fuzz test cases in the protocol vulnerability detection phase, a fuzz test case generation strategy based on symbolic expressions is proposed. The fuzz test cases required for vulnerability detection are constructed and generated by analyzing the symbolic mapping relationships collected by the symbolic execution engine, which effectively improves the effectiveness of the test cases and the efficiency of detection. Based on the methods studied and proposed, the paper designs and implements the prototype ASPTest on top of the open source frameworks Angr and SPIKE, and designs experiments to verify the effectiveness of the method and the usability of the ASPTest system. In the experimental stage, the paper tests and analyzes the public protocols FTP and SMTP under the assumption of no prior knowledge, successfully parses the packet format structure and state machine information of the FTP and SMTP protocols, and detects that buffer overflow vulnerabilities exist in both. In addition, the paper carries out an experimental analysis of the communication protocol of the SDBot remote control Trojan, successfully parsing the protocol format structure and detecting that a buffer overflow vulnerability exists in it.
Keywords/Search Tags:protocol reverse, fuzzing test, dynamic symbol execution, constraint solving, path execution tree