Research On Web Attack Traffic Extraction And Generation Technology Based On Symbol Execution

With the increasing scale of the Internet and the increasing complexity of the topology,the challenges of network security have become increasingly serious.In order to meet these challenges,it is necessary to reproduce the scene of network attacks in real time to validate the new defense technology effectively.But at present,deploying a traditional Web simulation attack scenario requires a lot of investment,and at the same time,it will face scalability and other issues.Therefore,there is an urgent need to extract the Web attack traffic to simulate the Web attack behavior of various characteristics such as defect detection,vulnerability attack and so on.In this context,Web attack traffic extraction technology came into being.Current extraction technologies are mainly divided into real traffic collection based on target machine,traffic feature-based modeling and traffic analysis and extraction based on real network environment.However,there are obvious shortcomings in the effectiveness and automation of these three technologies.In view of this,this paper proposes a symbolic execution-based Web attack traffic extraction and generation technology,that is,by defining symbolic semantics in the programming language of Web attack scripts,it can support symbolic execution,traverse all execution paths of Web attack scripts by using dynamic symbolic execution technology,and make use of external environment calls that may occur during the execution of dynamic symbols,and to solve the problem of path space explosion caused by deep loop or recursion,environment modeling method and recursive recognition algorithm are designed respectively to track the structure of payload andrealize efficient extraction and on-demand generation of attack traffic.In order to validate the above-mentioned technologies,this paper designs a number of experiments to test and verify the feasibility,effectiveness and efficiency of the technologies.The test results show that the dynamic symbol execution technology is feasible in the analysis of Web attack scripts,and further proves the feasibility of the technology of extracting and generating Web attack traffic based on symbol execution.Linearity and effectiveness can effectively and automatically collect Web attack traffic,and construct actual and effective real attack traffic,which makes up for the shortcomings of traditional Web attack traffic extraction and generation technology.