Research On Multi Variant Voting Method And Technology

Multi variant execution technology is a software protection technology containing the idea of mimic defense,which can effectively improve the security of software.However,the unique architecture of multi variant execution technology also makes it face many challenges in the specific application process.The false positive problem and performance problem need to be solved in the development of multi variant execution technology.In this paper,many multi variant execution technologies are deeply investigated and combined with the mimic defense theory.This paper uses three different methods to improve the voting mechanism in multiple variants and make it more available.The main research contents and innovations of this paper are as follows:1.To solve the problem of false positives in the process of mimicry transformation,this study proposes the theory of optimal mimicry component set and designs two algorithms:supplement method and subtraction method.Firstly,this paper summarizes the false positive problems in the process of mimicry transformation,combines the mimicry boundary theory with the attack surface measurement theory,and puts forward that the optimal mimicry component set theory needs to be used in the process of mimicry transformation.This method is also suitable for multi variant.Specifically,two algorithms are proposed:supplement method and subtraction method.And this paper introduces the specific application methods of the two algorithms with examples.Finally,experiments show that the above two algorithms can effectively reduce the probability of false positive voting in the mimic system.2.This paper proposes a new multi variant voting algorithm,dynamic feedback voting algorithm,which can reduce the number of votes in the process of multi variant operation and improve the performance of multi variant execution framework.Firstly,from the perspective of software attack,this study summarizes and analyzes the process of binary vulnerability utilization and summarizes the key information in the process of binary vulnerability utilization.Then,this study proposes a dynamic feedback voting algorithm based on the key information in vulnerability exploitation.The algorithm will dynamically generate the address whitelist in the process of program running.The multi variant execution framework can use the address whitelist as the basis to judge whether to vote.Finally,the influence of the algorithm on the number of multi variant votes and the improvement of performance are proved from the perspective of experiments.3.This study proposes a kernel based implementation of multi variant monitor,which optimizes the performance of multi variant execution framework.The monitor in the multi variant execution framework is one of the important components of multi variant,which undertakes the important tasks of voting,routing,and distribution.At the same time,it is also the performance bottleneck of multi variant execution framework.Firstly,this study gives the multi variant execution process under the new monitor.Then,introduce the three core functions of the monitor,including master-slave variant registration function,heterogeneity detection function,voting and combining function.Finally,this study uses experiments to prove the improvement of new variant monitor.