A Detection Approach for Vulnerability Exploiter Based on the Features of the Exploiter
Algorithm 3
Vulnerability Exploit Detection Method based on JCFG (JCFG-VEDM).
Input: JCFG, The exploit node to be detected/ The SQL containing JCFG node information and the node extracted from key instructions of the program during execution /
Output: Result
(1)
JCFGNode = JCFG.head (); / Make the JCFG pointer point to the head node of JCFG /
(2)
Node = new Node (); / The instruction node in the execution process, the main function is first located when the program is executed /
(3)
Stack R = new Stack <> (); / Create a stack to store the return address /
(4)
vector <stack<VulNode>> Vul; / Create a stack to record the exploit nodes that generate abnormal jumps /
(5)
begin
(6)
if (q.attrName == p.first.attr.attrName) then
(7)
if (q.attrName == Call) then
(8)
if (CNameJudge (p.first, q)) then/
(9)
Vul.add (temp);
(10)
enf if;
(11)
else if (q.attrName == JXX) then
(12)
if (JAdressJudge (p.first, q)) then
(13)
Vul.add (temp);
(14)
end if;
(15)
else
(16)
if (RetnJudge ()) then
(17)
Vul.add (temp);
(18)
end if;
(19)
else if (q.attrName == p.second.attr.attrName) then