Python Attack Script Analysis Based On Symbolic Execution

With the rapid development of information technology and wide application,Internet and computer has been fully integrated into people's lives.However,the risk of network intrusion is also increased dramatically.IDS as an important information security assistance system,which can deal with the network worm and some malicious network attacks.The signature used by IDS is often written by the security personnel,who build the experimental environment to analysis the behavior of attack scripts after the spreading of the script.But as new vulnerabilities emerge with high frequency and large quantity,human resource can not adapt to the speed of the exploit.Therefore,we need to extract the attack pattern as soon as possible.Under such background,the pattern extraction technique was born.The existing attack pattern extraction technology is divided into two categories,based on network(NSG)and host(NSG).But these methods demand building the experimental environment and setting up the specific version of the target drone,which are semi-automatic,and cannot work without manual labor.Taking into account the rate of spread of the script and the difficulty of extracting the pattern,we propose a Python script automatic analysis system based on symbolic execution,named PyExZ3+.The system is based on PyExZ3.By using the technique of symbolic execution,PyExZ3+ can capture the Python attack and can extract the every attack behavior of the script.In order to implement the symbolic execution technology in the pattern extraction technology,we puts forward the strategy of the loop identification,the runtime resolver and the path optimization of the encoding.In addition,we build the environment modeling of the common library functions in Python attack script,which can be used to complete the input of the symbolic operation according to the normal logic.In order to verify the validity and effectiveness of the symbolic execution technology,we designs several functional tests,efficiency tests,and output analysis experiments.The results of the analysis of real Python attack scripts show that the symbolic execution is feasible and practical in the field of script analysis.Compared to the existing symbolic execution tools like CHEF and PyExZ3,PyExZ3+ is more efficient and accurate.As the basis of symbolic execution tool,the basic functional testing and efficiency testing show that PyExZ3+ can optimize the dynamic identification cycle and can improve the execution efficiency of the cycle path.In general,PyExZ3+ is able to effectively implement the dynamic symbolic execution to target scripts,and automatically analyze scripts with high efficiency and feasibility.