Research And Implementation Of Software Vulnerability Detection Technology Based On Control Flow Integrity

With the rise of apt organizations,apt attacks against countries or large companies are gradually concerned by security researchers.Apt attacks are covert,and usually use Oday or relatively new nday,which is difficult to prevent.Therefore,it is necessary to detect vulnerability exploitation in the current environment.This paper proposes a vulnerability detection technology based on the integrity of control flow.The technology extracts and recovers the assembly instruction sequence executed by the program through the hardware tracking ability of the processor,so as to obtain the complete runtime assembly instruction sequence of the program accurately,transparently and imperceptibly,which may contain the execution of the exploit code.At the same time,the pre constructed program is used to control the flow The execution flow of the program is detected based on the integrity of the control flow to find the exception in the process of program execution.At the same time,the weak check method is used to reduce the false alarm rate.Based on the above ideas,this paper focuses on a large software(Adobe Reader)implements a vulnerability detection system based on the integrity of IPT hardware and control flow.Through the performance test of IPT,the low consumption of IPT hardware is verified.Through the in-depth study of decoding technology,an IP filtering scheme is proposed,which can effectively reduce the consumption of decoding.In the case of a given vulnerability sample set,the vulnerability exploitation behavior is detected and found In this paper,the detection rate of vulnerability exploitation behavior is 100%.In the case of imperfect control flow graph,the false alarm rate remains at a low level of 5.89%.When using imperfect control flow graph,the detection rate of vulnerability exploitation behavior is still 100%.After a lot of optimization of control flow graph,the false alarm rate gradually converges to 0%.This sample set selects the real CVE vulnerabilities,which has high practical value,and has a certain Zero Day vulnerability detection ability,which can quickly find the exploit behavior.