Research And Implementation Of Vulnerability Detection Platform Based On Code Clone Detection And Dynamic Detection

In recent years,with the rapid development of the Internet,Linux systems have been widely used in mobile terminals,cloud services,IoT and other fields,and its security is closely related to the entire Internet ecosystem.The 1day vulnerability in Linux may seriously affect the security of the computer system.Vulnerability detection technology for Linux systems is a hot issue in the security field.The Linux system vulnerability detection technology has the following two challenges:On the one hand,due to the open source nature of the Linux kernel,it can be used on different device types and different instruction set architectures,making the industry have a very different binary Linux kernel.How to refine the common features of these binary codes and conduct vulnerability detection is a difficult problem;on the other hand,due to the complexity of the Linux kernel,its vulnerability exploitation technology is very complicated.The traditional Linux kernel trigger verification method mainly relies on experts for manual debugging,and the detection efficiency needs to be improved.This article focuses on the above problems,and the specific work is as follows:(1)In order to detect the extremely different Linux kernel,the thesis proposes a binary vulnerability code clone detection technology based on path semantic extraction.This technology performs static vulnerability detection on the Linux kernel by extracting the vulnerability path and semantic features of the binary Linux kernel.This method proposes two detection methods:coarse-grained path similarity detection and fine-grained basic block similarity detection.Combining these two methods can quickly detect Linux kernel 1day vulnerabilities.(2)In order to automate the triggered verification of Linux kernel vulnerabilities,the thesis proposes an adaptive generation technology of vulnerability exploits based on vulnerability meta-information.This technology transforms the collected 1day exploit scripts,vulnerability meta-information,and Linux kernel attribute information into the exploit code of the target instruction set architecture and kernel version by automating the method of filling the exploit primitives,and then triggers the 1day exploit verification.(3)Combining these two detection technologies,the thesis designs and implements the Linux vulnerability detection platform SKV.The platform adopts the C/S architecture and conducts kernel vulnerability detection through intrusive methods.Experimental results show that the two detection methods proposed in the thesis have higher accuracy rates under different instruction set architectures and kernel versions.The SKV platform has detected multiple Linux kernel vulnerabilities in actual detection tasks,which proves that the platform has strong vulnerability detection capabilities.