高级检索
    赵尚儒, 李学俊, 方越, 余媛萍, 黄伟豪, 陈恺, 苏璞睿, 张玉清. 安全漏洞自动利用综述[J]. 计算机研究与发展, 2019, 56(10): 2097-2111. DOI: 10.7544/issn1000-1239.2019.20190655
    引用本文: 赵尚儒, 李学俊, 方越, 余媛萍, 黄伟豪, 陈恺, 苏璞睿, 张玉清. 安全漏洞自动利用综述[J]. 计算机研究与发展, 2019, 56(10): 2097-2111. DOI: 10.7544/issn1000-1239.2019.20190655
    Zhao Shangru, Li Xuejun, Fang Yue, Yu Yuanping, Huang Weihao, Chen Kai, Su Purui, Zhang Yuqing. A Survey on Automated Exploit Generation[J]. Journal of Computer Research and Development, 2019, 56(10): 2097-2111. DOI: 10.7544/issn1000-1239.2019.20190655
    Citation: Zhao Shangru, Li Xuejun, Fang Yue, Yu Yuanping, Huang Weihao, Chen Kai, Su Purui, Zhang Yuqing. A Survey on Automated Exploit Generation[J]. Journal of Computer Research and Development, 2019, 56(10): 2097-2111. DOI: 10.7544/issn1000-1239.2019.20190655

    安全漏洞自动利用综述

    A Survey on Automated Exploit Generation

    • 摘要: 随着安全漏洞数量急剧上升,高效率地评估与修复漏洞面临更大的挑战.目前漏洞的可利用性评估主要依赖人工方法,如何智能化和自动化地进行安全漏洞利用是本领域一个热点研究问题.调研了2006年至今安全漏洞自动利用文献,分析了现状并指出了漏洞利用研究的发展趋势,同时给出了漏洞自动利用的一般框架;分别从漏洞自动利用的信息输入、漏洞类型和利用方法这3个角度对当前研究成果进行了梳理,指出了这3个角度对漏洞自动利用的影响;分析了漏洞自动利用研究的不足与挑战,并对将来的研究趋势进行了展望.

       

      Abstract: With the increase of security vulnerabilities, it has been a considerable challenge to evaluate and repair vulnerabilities efficiently. However, the current assessment of the availability of vulnerabilities mainly depends on manual methods. How to intelligently and automatically exploit security exploits is a hot research issue in this field. In this paper, the literature on automated exploit generation of security vulnerabilities from 2006 to the present are investigated. We analysize current research progress, point out the development trend of exploit generation research, and summarize the general framework of automated exploit generation of vulnerabilities. We sort out the current research results from the three aspects of information input, vulnerability types and utilization methods, and discuss the effects of the three aspects on the automated exploit generation of vulnerabilities. Then the current shortcomings and challenges of automatic exploit generation of vulnerabilities are analyzed, and the future research trends and directions are also pointed out.

       

    /

    返回文章
    返回