| Nowadays,the vulnerability in the software upgrade process are extremely harmful to network security.However,the detection of upgrade vulnerability is facing serious difficulties and problems.The main reasons are reflected in two aspects.Due to the large number of application software and complex sources,there is a lack of uniform vulnerability detection methods and standards during the upgrade process.Furthermore,the current identification and discovery of software upgrade vulnerabilities mainly depend on manual completion,which is inefficient and heavily dependent on manual experience,and it is difficult to meet the requirements for efficient analysis and detection under the condition of large-scale samples.In order to solve the above problems,Dissertation mainly studies the automatic detection and analysis method of the vulnerability of the software upgrade process.Through the analysis of the network communication traffic during the software upgrade process,the detection and analysis of the software upgrade vulnerability is realized.This article proposed a network upgrade traffic filtering model based on neural networks,which can filter out traffic related to software upgrade vulnerabilities in large-scale traffic data,provide targeted areas for the following analysis model,and narrow the analysis scope.On this basis,based on the software upgrade security model analysis,this paper establishes an identification and analysis model of upgrade vulnerabilities for traffic characteristics,so as to realize the identification and verification of multiple types of upgrade vulnerabilities.Finally,this article built a software upgrade vulnerability analysis system.Through the identification and analysis of software upgrade vulnerabilities,while solving the problem of large numbers of samples,it has important significance and role in improving the overall security level of software and systems.The main innovations of this article are as follows:1.Propose the software upgrade security model and the classification criteria of upgrade vulnerability.In order to accurately characterize and analyze the key data in software upgrade traffic,this paper first designed a software upgrade vulnerability classification model,and used this as a benchmark to classify the types of upgrade vulnerabilities.In order to illustrate the scientificity and rationality of this division,this article describes various types of software upgrade vulnerabilities,and analyzes the software upgrade vulnerabilities in conjunction with examples.Through the analysis of examples to illustrate the effectiveness and scientificity of the software upgrade vulnerability classification model,so as to provide scientific experimental support for the construction of the next software upgrade analysis system.2.Propose a network upgrade traffic filtering model based on neural network.Dissertation proposes a network upgrade traffic filtering model based on neural network.In order to solve the actual problem of low efficiency of manual analysis and difficulty in satisfying large batches of samples at present,aiming at the dependence relationship between data packets and network flows in network traffic,feature vector is performed from two levels of data packets and network flows.Based on the feature vector,this paper proposed a neural network model for vulnerability traffic filtering.The model does not require manual feature extraction,and can well learn the dependency relationship between data packets and network flows.It can make full use of comprehensive traffic characteristics to classify network upgrade traffic,which can be filtered in large-scale traffic data.Traffic related to software upgrade vulnerabilities is provided to provide targeted areas for subsequent analysis models and narrow the analysis scope.At the same time,the network upgrade traffic filtering model based on neural network proposed in this paper can concurrently process large-scale network traffic,which greatly improves the filtering efficiency.3.Propose a traffic-based network upgrade vulnerability analysis model,and analysis the key elements of the upgrade vulnerability in detail.Based on the software upgrade vulnerability classification model,Dissertation proposes a traffic-based network upgrade vulnerability analysis model based on the software upgrade vulnerability classification model proposed in this paper,and analyzes the key elements of the upgrade vulnerability in detail.At the same time,this article describes in detail the architecture of the network upgrade vulnerability analysis model and the implementation of each module.In order to illustrate the effectiveness of the model,this article combines the CNVD-2018-06296 vulnerability instance to analyze and verify the network upgrade vulnerability.4.Propose a software upgrade vulnerability analysis system and analysis it.Dissertation builds a software upgrade vulnerability analysis system based on the network upgrade traffic filtering model and network upgrade vulnerability analysis model,and mainly introduces the system model architecture,neural network model training process and system implementation.It takes a large amount of program traffic to be detected as input,filters it based on the network upgrade traffic filtering model,filters out the targeted area,that is,the network upgrade vulnerability related flow data,and submits this part of the flow data and corresponding software to the network Upgrade vulnerability analysis platform,which is composed of multiple virtual machines,and the traffic upgrade-based network upgrade vulnerability analysis model proposed in this article is installed in the virtual machine to obtain the analysis results.At the same time,this article constructed 184 application software sample test sets,covering 12 software categories,and tested the system.The test results verified the effectiveness and reliability of the software upgrade vulnerability analysis system proposed in this article.It can greatly improve the efficiency of software upgrade vulnerability analysis and solve the practical problems of low efficiency of manual analysis and huge scale of traffic data. |
PDF Full Text Request