Table of Contents

    04 July 2022, Volume 8 Issue 7
    Automated Vulnerability Mining and Attack Detection
    2022, 8(7):  630. 
    The Detection Method for Token Trading Vulnerability and Authority Transfer Vulnerability Based on Symbolic Execution
    2022, 8(7):  632. 
    It is difficult to comprehensively detect and verify new token trading backdoor vulnerabilities and owner authority transfer vulnerabilities in smart contracts. Based on static semantic analysis and symbolic execution technology, this paper proposes a method to comprehensively and effectively detect and verify the token trading vulnerability and authority transfer vulnerability at the source code and bytecode levels. The method first converts contract source code into bytecode through contract collection and preprocessing. Second, the global sensitive variables “balance” and “owner” are located through static semantic analysis. Then the state space is constructed and the transaction sequence is simulated by symbolic variables. The method performs symbolic execution on the contract and establishes constraints through the features of vulnerability models. Finally, the method uses a satisfiability modulo theories (SMT) solver to solve the constraints. The method is tested on Ethereum, the Binance Smart Chain mainnet and a part of the smart contract CVE vulnerability sets. The experimental results show that the method proposed in this paper can effectively detect the new token trading backdoor vulnerability as well as the owner authority transfer vulnerability.
    Key words: smart contract; vulnerability detection; symbolic execution; program analysis; blockchain security
    Survey of Coverage-guided Grey-box Fuzzing
    2022, 8(7):  643. 
    In recent years, coverageguided greybox fuzzing has become one of the most popular techniques for vulnerability mining, which plays an increasingly important role in the software security industry. With the increasing variety of application scenarios and complexity of test applications, the performance requirements of coverageguided greybox fuzzing are further improved. This paper studies the existing coverageguided greybox fuzzing methods, summarizes its general framework, and analyzes its challenges and the development status. The experimental results of these methods are summarized and the problems existing in the experimental evaluation are discussed. Finally, the future development trend of coverageguided greybox fuzzing is prospected.Key words fuzzing; hole mining; coverageguided; greybox; software security

    Apache Shiro Deserialization Attack Detection Model Based on Attack Characteristics
    2022, 8(7):  656. 
    As a widely used security framework, Apache Shiro provides functions such as authentication, authorization, password and session management, but its deserialization vulnerability can easily lead to arbitrary code execution, and the existing detection methods suffer from many false positives. Therefore, this paper proposes a detection model for Apache Shiro deserialization vulnerability attacks based on attack characteristics. By analyzing the network packet characteristics of normal conditions and of vulnerability exploitation, this paper summarizes four attack characteristics and constructs a model based on them to detect Apache Shiro deserialization vulnerability attacks. At the same time, the model judges whether the attack is suspected to be successful and transfers the event to manual confirmation and disposal. Experimental results show that this method can not only detect Apache Shiro deserialization vulnerability attacks, but also further determine whether the attack is suspected to be successful, improving the efficiency of security event handling. In addition, compared with the existing methods, this method can effectively reduce the false negative rate, so as to reduce the false disposal rate and the impact on normal business.
    Key words: attack characteristic; deserialization; vulnerability detection; Apache Shiro; security event handling
    Research on Evaluation Anti-attack Capability for High Security Level System
    2022, 8(7):  666. 
    High security level protection objects are generally three-level or above protection systems, which are extremely important protection objects. However, at present, the evaluation of high security level protection objects focuses on compliance security evaluation, and the evaluation work is limited to static security configuration inspection. It is difficult to confirm the actual utility of security mechanisms and security products, and there is a lack of anti-attack capability evaluation for such protection objects. Therefore, this paper analyzes the anti-attack capability evaluation requirements of the high security level system, and puts forward an anti-attack capability evaluation model based on the APT threat path. By constructing an APT threat capability library for the high security level system, different types of APT organizations are simulated to analyze the protection capability of the level protection object. In this paper, the construction method and key technologies of the threat capability model are presented, and the model is implemented. Finally, this paper constructs 520 threat path test cases to test and evaluate the anti-attack capability of the evaluation object.
    Key words: advanced persistent threat; evaluation model; threat capability model; APT; classified security protection
    Research on Virtual Machine Protection: A Survey
    2022, 8(7):  675. 
    Static and dynamic analysis of software is always present in software distribution. As an extension of code obfuscation, virtual machine software protection provides the possibility to defend against MATE (man-at-the-end) attacks. Due to the lack of review articles in this field, this paper reviews and collates the work on this issue. The existing problems in the development of virtual machine protection are first pointed out. Then, the structure of virtual machine software protection is introduced and its security is analyzed by citing related articles. Finally, a summary of current work is given, and future research directions are envisioned.
    Key words: software protection; virtual machine protection; virtualization-based obfuscation; code obfuscation; virtual machine
    DGCNN-based Exploit Kit Attack Activities Detection Method
    2022, 8(7):  685. 
    Attackers use exploit kits (EK) to exploit vulnerabilities in the software system, the browser and its plugins in order to spread malicious load automatically and silently. Traditional EK attack activity detection methods extract the URL in the network traffic for static analysis and ignore the interaction process among the network traffic packets generated by the EK attack activity, which results in low detection accuracy. This paper presents an EK attack activity detection method based on the deep graph convolutional neural network (DGCNN). The method takes the HTTP request-response pair as a node and the redirection relation between nodes as an edge, and constructs a redirection graph according to customized generation rules for nodes and edges. The method extracts the node structure features of the graph using DGCNN, and classifies the graph using the traditional deep learning method. Experimental results show that the method can effectively detect EK attack activities, and the average detection accuracy rate is 97.54%.
    Key words: exploit kit (EK); HTTP request-response pair; redirection graph; deep graph convolutional neural network (DGCNN); deep learning; graph classification
    Research on Memorycorruption Vulnerability Defense Methods  Based on Memory Protection Technology
    2022, 8(7):  694. 
    Since its outbreak of COVID19 in the world, the process of digital transformation has been further accelerated in all sectors around the world. With the increasing value of information assets, information security problems follow. Vulnerability attacks are the root cause of frequent security incidents in recent years. Vulnerability defense ability directly affects the security of the system. How to prevent vulnerability exploitation without patches has become an urgent need. Vulnerability exploitation defense has also become an important research content in the field of attack and defense confrontation of information security. This paper studies the binary memorycorruption vulnerability defense methods and puts forward a new method to deal with the increasing vulnerability attacks.Key words memory protection technology; memorycorruption vulnerability; network security; behavior monitoring; vulnerability defense; endpoint security
    A Vulnerability Management System Based on Multi-constrained Secure Workflow
    2022, 8(7):  700. 
    Cyberspace security faces great challenges nowadays because of the increasing number of vulnerabilities. Many corporations and organizations find it difficult to deal with them, resulting in economic loss and endless suffering. As vulnerability management requires people, resources and tools working together, it is necessary to design an efficient and secure workflow. To tackle this problem, a multi-constraint secure workflow model is proposed based on Task-Role-Based Access Control with time, space and context constraints. The proposed model is applied to the vulnerability management flow. The practice showed that the workflow can cover the lifecycle management of vulnerabilities and guarantee the consistency between rights and obligations for stakeholders. It makes it easy to identify, process, analyze and record the data, which helps to trace the workflow of vulnerability management.
    Key words: vulnerability management; secure workflow; lifecycle management; fine-grained access control; cyber security
    Visualization Analysis of Multilevel Control Relations of Botnet
    2022, 8(7):  707. 
    Network attacks, especially APT attacks, generally use captured devices as a springboard and use the subordinate controlled devices to carry out attacks, while the attacker’s identity is hidden in the network. Botnets led by Mirai usually use C&C servers to control bots. There are often multilevel control relations among bots, so anomaly detection on a single node often cannot solve the problem. This paper proposes a botnet visualization analysis system for multilevel control relations, which filters the control nodes through the flow characteristics, sorts out the control behaviors, and exports the relational data through the graph database to realize visualization, so as to intuitively find the multilevel control relations between nodes and find the springboard nodes, and thereby trace the botnet and find the hidden botmaster nodes.
    Key words: botnet; network flow; behavior analysis; multilevel control relations; visualization

    Balance and Optimization of the Utilization and Protection of Personal Information in the Context of Digital Transformation
    2022, 8(7):  726. 
    With the indepth advancement of the Fourth Industrial Revolution, digitalization is inevitably changing human production and lifestyle as well as national governance models. In keeping with the tide of history, digital transformation strategies are being actively deployed across countries and regions. The efficiency of digital transformation depends mainly on the level of development of personal information, and the quality of transformation is closely related to the level of protection of personal information. While digital transformation has a positive impact on the use of personal information, it also challenges the balance and optimization between the use and protection of personal information. In view of the current situation of the use and protection of personal information in China, it should be improved from three aspects: rule design, governance mechanisms, and afterthefact relief. A personalinformationright system with power as the core should be established. A motivating personal information governance mechanism should be built. The personal information infringement relief system needs to be improved.Key words digital transformation; personal information protection; information value; information right; personal information governance