Abstract
Collecting network attack traffic is important for analyzing the effect of network attacks and for testing and evaluating the performance of network security protection facilities. This paper studies an automated network attack traffic acquisition scheme built around Python symbolic execution. Python network attack scripts currently available online are processed automatically and brought into a uniform format, and traffic is then collected automatically with symbolic execution as the main technique and forced execution as an auxiliary technique. This removes much of the time otherwise spent building vulnerable environments and makes it easier for network security researchers to obtain the attack traffic that these scripts can generate. The attack traffic generated and extracted by the system is compared with the attack traffic obtained by manually building a vulnerable environment and running the scripts, which verifies the feasibility and applicable scenarios of the scheme.
Authors
陈家浩
王轶骏
吕诚
Chen Jiahao; Wang Yijun; Lü Cheng (School of Cyber Security, Shanghai Jiao Tong University, Shanghai 200240, China)
Source
《计算机应用与软件》
Peking University Core Journal (北大核心)
2019, Issue 2, pp. 294-307 (14 pages)
Computer Applications and Software
Funding
National Key R&D Program of China, "Cyberspace Security" Key Special Project (2017YFB0803203)
Keywords
Network attack
Attack traffic
Symbolic execution