Application of Electronic Technique (AET)
Research on vulnerability scanning based on patch characteristics
Information Technology and Network Security
Liu Siqi, Wang Yiming
(School of Computer and Information Technology, Beijing Jiaotong University, Beijing 100044, China)
Abstract: To defend against attacks enabled by vulnerabilities and the threats posed by the vulnerabilities themselves, the general approach to remediating 1day vulnerabilities is detection by code matching. At present, however, source code matching has a high false positive rate, and binary code matching is neither precise nor general. To address this, the paper proposes BinScan, a patch-feature-based vulnerability scanning model that works from source code to binary. It first builds a database of known vulnerabilities and scans the source code for them to obtain vulnerability detection results; it then uses the source-level detection information to compile the source code before and after each patch into binaries, forming a binary vulnerability library; finally, it compares the target binary for similarity and uses the source code results for verification. In the end, 2 700 vulnerability records and 15 496 patch files were generated for the Linux Kernel. Source code detection is used to limit the range of vulnerabilities checked in the binary, and patch presence is then detected from the CFG and binary code similarity in order to detect vulnerabilities. The detection results show that, compared with other binary vulnerability detection tools, this method can apply source-code-level vulnerability scanning capabilities to binaries and is effective.
CLC number: TP309
Document code: A
DOI: 10.19358/j.issn.2096-5133.2021.07.009
Citation format: Liu Siqi, Wang Yiming. Research on vulnerability scanning based on patch characteristics[J]. Information Technology and Network Security, 2021, 40(7): 52-58.
Key words: patch characteristics; vulnerability scanning; binary; source code; security

0 Introduction

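 Over time, every vulnerability passes through stages such as creation, discovery, disclosure and extinction, and in each period it goes by a different name and takes a different form. A 1day vulnerability is one for which the vendor has released a security patch but which most users have not yet patched; such vulnerabilities remain exploitable. Across all types of software, many vulnerabilities have a lifetime of more than 12 months. The general remediation approach for such vulnerabilities is code matching[1], but the fixes made by patches are often only subtle changes, which makes many code matching methods imprecise and not general and leads to a high rate of false positives.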




For the full text of this article, download: http://m.xxav2194.com/resource/share/2000003678






This content is original to the AET website; reproduction without authorization is prohibited.