引用本文
  • 刘奇旭,王柏柱,胡恩泽,刘井强,刘潮歌.基于功能代码片段的Java后门检测方法[J].信息安全学报,2019,4(5):33-47    [点击复制]
  • LIU Qixu,WANG Baizhu,HU Enze,LIU Jingqiang,LIU Chaoge.Java Backdoor Detection Based on Function Code Gadgets[J].Journal of Cyber Security,2019,4(5):33-47   [点击复制]
【打印本页】 【下载PDF全文】 查看/发表评论下载PDF阅读器关闭

←前一篇|后一篇→

过刊浏览    高级检索

本文已被:浏览 8544次   下载 8885 本文二维码信息
码上扫一扫!
基于功能代码片段的Java后门检测方法
刘奇旭1,2, 王柏柱1,2, 胡恩泽1,2, 刘井强1,2, 刘潮歌1,2
0
(1.中国科学院信息工程研究所, 北京 中国 100093;2.中国科学院大学网络空间安全学院, 北京 中国 100049)
摘要:
随着软件供应链污染的兴起,Java开源组件的安全性正面临着越来越严峻的挑战,近年来也出现了若干起因Java开源组件被植入后门而导致大规模的软件污染的安全事件。为了更好地检测Java开源组件和Java程序的安全性,本文在大量分析Java后门样本的基础上,构建了Java后门的检测模型作为理论基础;在统计分析实际后门常用Java API的基础上,归纳了一系列适用于检测Java后门的规则;提出了基于功能代码片段的后门分析方法,并且结合自底向上的数据流分析方法,实现了首款面向Java源码的后门检测系统JCAT(Java Code Analysis Tool)。以阿里供应链大赛提供的119个样本验证JCAT的检测能力,取得了准确率90.22%的良好效果,并将漏报率和误报率分别控制在较低水平。
关键词:  Java后门检测  静态检测技术  数据流分析
DOI:10.19363/J.cnki.cn10-1380/tn.2019.09.04
投稿时间:2019-05-30修订日期:2019-08-15
基金项目:本论文获得国家重点研发计划(No.2016YFB0801604),中国科学院青年创新促进会,中国科学院战略先导C类(No.XDC02040100,No.XDC02030200,No.XDC02020200)课题资助;获得中国科学院网络测评技术重点实验室和网络安全防护技术北京市重点实验室资助。
Java Backdoor Detection Based on Function Code Gadgets
LIU Qixu1,2, WANG Baizhu1,2, HU Enze1,2, LIU Jingqiang1,2, LIU Chaoge1,2
(1.Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China;2.School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China)
Abstract:
With the rise of software supply chain pollutions, the security of Java open source components is increasingly challenged. In recent years, there have also been some large-scale software pollution incidents caused by Java open source components being implanted backdoors. In order to detect the backdoors in the Java open source components and Java programs more effectively, in this paper, we first build Java backdoor detection models based on analyzing a large number of Java backdoor samples. Next, we summarize a series of rules for detecting Java backdoors on basis of statistics of common Java APIs in backdoors, propose a backdoor analysis method based on function code gadget. Combined with the bottom-up data flow analysis method, we develop the first backdoor detection system JCAT(Java Code Analysis Tool). We evaluate the JCAT's detection ability with 119 samples provided by the Ali Supply Chain Competition, and the detection rate reaches 90.22%. Moreover the false positive rate and false negative rate are also controlled at a relatively low level.
Key words:  Java backdoor detection  static detection technology  data-flow analysis