《计算机应用研究》|Application Research of Computers

An effective method for analyzing Cisco IOS image injection attacks

Effective method for analysis of Cisco IOS image injection attack

Authors: 曾诚, 刘胜利, 肖达, 陈立根
Affiliation: State Key Laboratory of Mathematical Engineering and Advanced Computing, PLA Information Engineering University, Zhengzhou 450000, China
Article number: 1001-3695(2013)12-3775-04
DOI: 10.3969/j.issn.1001-3695.2013.12.066
Abstract: This paper proposes a virtualization-based malicious code analysis method targeting Cisco IOS image injection attacks. Building on a study of virtualization technology, a virtualized analysis platform, CDAP (Cisco dynamic analysis platform), is designed and implemented to provide a runtime environment for IOS. On this basis, instruction interception and filtering together with data tracking are used to analyze the malicious code injected into an IOS image. The method can analyze Cisco IOS images of multiple models and versions that have been subjected to IOS injection attacks. Experimental results demonstrate the effectiveness of the method.
Keywords: Cisco IOS; virtualization technology; code analysis; instruction interception; instruction filtering; data tracking
Funding: Zhengzhou Science and Technology Innovation Team Project (10CXTD150)
Article URL: http://www.arocmag.com/article/01-2013-12-066.html
Authors (English names): ZENG Cheng, LIU Sheng-li, XIAO Da, CHEN Li-gen
English abstract (as published): This paper proposed a method for analysis of malicious code to resist the injection attack of Cisco IOS image based on the virtualization. After the research of virtualization, it designed and realized a platform called CDAP to run the IOS. On the basis of CDAP, it analyzed the malicious code injected in the IOS image, with data tracking and instruction interception and filtration technique. Using this method, it analyzed multiple models and versions of IOS images that suffered injection attack. The result of the experiment demonstrates that this method is effective.
English keywords: Cisco IOS; virtualization; code analysis; instruction interception; instruction filtration; data track
Received:
Revised:
Pages: 3775-3778
CLC number: TP311; TP393.08
Document code: A