Detection of network attacks with rule-based optimization
(Original Turkish title: Kural tabanlı optimizasyon ile ağ saldırılarının tespiti)
- Thesis No: 836934
- Advisors: ASSOC. PROF. DR. HALİT ÖZTEKİN
- Thesis type: Master's
- Subjects: Computer Engineering and Computer Science and Control
- Keywords: Buffer Overflow, cybersecurity, vulnerability, SonarQube, memoization
- Year: 2023
- Language: Turkish
- University: Sakarya Uygulamalı Bilimler Üniversitesi (Sakarya University of Applied Sciences)
- Institute: Graduate Education Institute
- Department: Department of Electrical and Electronics Engineering
- Discipline: Not specified.
- Page count: 55
Abstract
Various anomalies are a frequent occurrence in computer systems. Such anomalies threaten the stability and security of systems and can even cause critical data loss or unauthorized access. The buffer overflow anomaly stands out among them as a condition that seriously endangers computer security. This study was carried out to show how this serious threat gives rise to a security vulnerability in computer systems and to contribute to reducing such vulnerabilities. A buffer overflow lets a program exceed its memory bounds and allows malicious code to be executed, which in turn lets attackers gain unauthorized access to systems or run malware. Within the scope of the thesis, the basic principles of buffer overflow attacks, the methods of protection against them, and the errors that lead to buffer overflows in common programming languages are examined. The main aim of our work is to identify the risks through which frequently used functions of the PHP programming language could potentially lead to buffer overflows, and to offer solutions that minimize these risks. That PHP is among the most popular scripting languages in the world today, and that most of the security vulnerabilities found in web-based software in recent years have been related to PHP, are the main reasons we chose to work in this language. Static code analyzers are used to detect security vulnerabilities; among them, SonarQube stands out for its extensive library, flexible customization options, and reputation in the industry. In this context, a customized rule set for automatically detecting buffer overflows was developed on the SonarQube platform. SonarQube is a platform that analyzes the quality of software projects and can identify potential errors, vulnerabilities, or code-style violations.
This study was carried out on a virtual machine (VM) created in a Proxmox virtualization environment with the Ubuntu 20.04 LTS operating system installed. The virtual machine has 2 sockets, 4 cores, and 16 GB of RAM. The customized rule uses the memoization optimization technique to increase the speed and efficiency of the analysis process. As a result, the analysis is not re-run for code fragments that have already been analyzed, and processing time and resource usage are reduced significantly. In conclusion, this study is able to detect critical security vulnerabilities that may lead to buffer overflows in the PHP programming language. Thanks to the memoization technique used in the study, the analysis time was reduced considerably: with an empty cache the analysis took 29.118 s, while with a populated cache it dropped to 22.048 s. This demonstrates the method's contribution to speed and efficiency.
Abstract (Translation)
A buffer overflow attack is a security vulnerability that occurs when a program writes more data to an allocated memory area than is allowed. Attackers can exploit this vulnerability to gain unauthorized access, crash the program, or inject malicious code. This type of attack can be demonstrated in various programming languages such as C, Python, and Java. For example, in C, the gets() function can lead to a buffer overflow if the input received from the user is excessively large. Similarly, in Python and Java, exceeding the allocated memory size with user input can also lead to a buffer overflow. To protect against such attacks, software developers need to carefully review their code, conduct comprehensive tests to identify security vulnerabilities, and take appropriate measures for such flaws. Software- and hardware-based protective measures against buffer overflow are explained. Among the software-based protection methods are controlling array sizes, using secure input/output functions, memory limitations, Address Space Layout Randomization (ASLR), stack canaries, software updates, security tests, fuzzing, and sandboxing. For example, in a C program the size of user input is checked; in Python, secure transformation operations are performed; in Java, dynamic memory allocation is limited. The ASLR mechanism makes it difficult for attackers to predict memory addresses, but it is not completely secure. Hardware-based protection methods include Data Execution Prevention (DEP), Virtualization Technology (VT), Error-Correcting Code (ECC), Control Flow Integrity (CFI), and Trusted Execution Technology (TXT). Specifically, DEP prevents the execution of malicious code, VT provides an isolated operating environment, ECC corrects errors in memory, CFI protects code flow, and TXT secures the boot process. Hardware-based measures are generally stronger than software-based ones but require support from modern CPUs.
Ideally, both hardware and software-based measures should be used in conjunction. These protection methods and technologies are especially supported in modern processor architectures like Intel, AMD, and ARM. However, these protection methods and technologies need to be continually updated, as threats and attack techniques are also constantly evolving. Historically, buffer overflow attacks have been extensively studied and have been observed to lead to numerous significant cybersecurity incidents. In 1988, the Morris Worm targeted Unix systems and accounted for 10% of all Internet traffic. In 2001, Code Red affected Microsoft IIS servers, compromising millions of computers. In 2014, Heartbleed rendered websites using the SSL encryption protocol vulnerable. In 2017, the Equifax data breach led to the theft of personal information from 147 million customers. In 2018, Spectre and Meltdown targeted Intel processors, affecting millions of computers. In 2019, vulnerabilities like BlueKeep and WhatsApp buffer overflow flaws created the potential for widespread attacks. Most recently, in 2021, attacks on Microsoft Exchange servers infiltrated computer systems of thousands of organizations worldwide. These events underscore the ongoing and serious cybersecurity threat posed by buffer overflow attacks. The conclusion we drew from our literature review is that static analysis tools play a critical role in the software development process and are widely accepted as such. These tools allow for the examination of source code without it being compiled or executed, enabling the early detection of potential errors, security vulnerabilities, and performance issues. Different tools may be customized for different programming languages, frameworks, and software components. 
For instance, tools like 'Checkmarx' and 'Fortify' are particularly aimed at identifying security vulnerabilities, while 'SonarQube' focuses on code quality, and 'Clang Static Analyzer' and 'Cppcheck' are specifically designed for C and C++ code. These types of tools can generally be easily integrated into continuous integration processes, allowing code changes to be automatically analyzed. However, it should be noted that static analysis tools have their limitations. They may be inadequate in detecting errors or runtime issues that could occur dynamically. Overall, these tools hold significant importance in improving the security and quality of software. This study is conducted on a virtual machine (VM) set up in a Proxmox virtualization environment running Ubuntu 20.04 LTS as its operating system. The virtual machine is configured with 2 sockets, 4 cores, and 16 GB of RAM. SonarQube, a static code analysis tool, and its accompanying tool, Sonar-Scanner, are key components of our project. To ensure the successful operation of SonarQube and Sonar-Scanner, the Java Development Kit (OpenJDK 11) was initially installed. SonarQube is a platform that analyzes the quality of software projects and can identify potential errors, vulnerabilities, or code style violations. Additionally, the PostgreSQL database has been installed on our system to work seamlessly with SonarQube. The most up-to-date version of SonarQube was downloaded, and after making the necessary configuration settings, the installation was completed. Memoization is used to prevent code from being executed repeatedly and to enhance performance. Especially when it comes to security analyses, this caching technique speeds up the analysis process. SonarQube is a commonly used tool for static code analysis, and the integration of memoization significantly reduces the analysis time, particularly in large codebases. 
The integration process consists of four main steps: First, utilizing SonarQube's customizable framework for PHP, a special security rule is created using the memoization technique. Second, a caching mechanism is established in this special rule to store the results of functions that could pose security risks. Third, whenever any function or method is called for the first time, potential security risks are assessed and the results are stored in the cache. Fourth, when the same function is called again, the information stored in the cache is used for an instant security assessment. This four-step process not only allows for the rapid identification of security risks but also shortens the analysis time. In this project, a security rule has been developed for SonarQube that operates in the PHP language. The rule is defined in the Java file "BufferOverflowCheck.java" and aims to detect the security vulnerability known as buffer overflow when specific PHP functions are called. The main logic of the rule is to check whether functions like strcpy, strcat, and gets are being called, and if so, it generates a security alert. The project contains four key files and a series of test files: "BufferOverflowCheck.java" contains the main logic of the rule. "MyPhpRules.java" includes a list of existing custom rules and adds them to the SonarQube rule repository. "PHPCustomRulesPlugin.java" defines the Sonar plugin and integrates the MyPhpRules class. "pom.xml" is the Maven configuration file and is necessary for the creation and management of the project's dependencies. The rule uses a HashMap structure to cache relevant functions and whether they may lead to buffer overflow. When function calls are detected, the "visitFunctionCall" function is triggered. If information is already present in the cache, an alert is immediately generated. Otherwise, new information is added to the cache. The cache file is stored as "cache_dosyasi/cache.txt".
To enhance performance, the caching mechanism performs disk-loading ("loadCache") and disk-saving ("saveCache") operations. This structure can effectively detect buffer overflow issues in PHP projects and helps in preventing such security vulnerabilities. The primary aim of our study is to identify the risk that commonly used functions in the PHP programming language may lead to buffer overflow vulnerabilities, and to provide solutions to minimize these risks. To this end, a customized rule set has been developed on the SonarQube platform, designed to automatically detect buffer overflows. The custom rule is enhanced with a caching mechanism, thereby speeding up and improving the efficiency of the analysis process. As a result, the analysis is not repeatedly executed for code snippets that have already been analyzed, which significantly reduces processing time and resource usage. This has been achieved using the memoization technique. In conclusion, the study can effectively identify critical security vulnerabilities that may lead to buffer overflow in the PHP programming language. This thesis holds vital importance for the security of web applications and makes a significant contribution to the existing literature on software security.
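The abstract describes the rule's shape (a HashMap memo, a "visitFunctionCall" hook, "loadCache"/"saveCache" against "cache_dosyasi/cache.txt") but shows no code. The following is an added example written for this page, not the thesis's own BufferOverflowCheck.java, of how a memoized sonar-php custom rule of that shape can be put together. It assumes the public sonar-php plugin API (PHPVisitorCheck, FunctionCallTree, NamespaceNameTree, Tree.Kind.NAMESPACE_NAME, context().newIssue); the package name and the issue message are hypothetical, and the function names being flagged are the three the abstract lists.

```java
// Added example (not the thesis's code): memoized sonar-php custom rule.
// Assumed API: PHPVisitorCheck, FunctionCallTree, NamespaceNameTree,
// Tree.Kind.NAMESPACE_NAME, context().newIssue(...). Package name is hypothetical.
package org.example.phpcustomrules;

import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;

import org.sonar.check.Rule;
import org.sonar.plugins.php.api.tree.Tree;
import org.sonar.plugins.php.api.tree.expression.FunctionCallTree;
import org.sonar.plugins.php.api.tree.expression.NamespaceNameTree;
import org.sonar.plugins.php.api.visitors.PHPVisitorCheck;

@Rule(key = "BufferOverflowCheck")
public class BufferOverflowCheck extends PHPVisitorCheck {

  // Function names the thesis treats as overflow-prone when called from PHP.
  private static final Set<String> RISKY_FUNCTIONS = Set.of("strcpy", "strcat", "gets");

  // Disk-backed memo; the path is the one named in the abstract.
  private static final Path CACHE_FILE = Paths.get("cache_dosyasi", "cache.txt");

  // Memo table: function name -> verdict. Static, so every PHP file analysed
  // in the same scanner run shares the verdicts (static init order: CACHE_FILE first).
  private static final Map<String, Boolean> CACHE = loadCache();

  @Override
  public void visitFunctionCall(FunctionCallTree tree) {
    // Only plain named calls such as foo(...); dynamic callees like $f(...) are skipped.
    if (tree.callee().is(Tree.Kind.NAMESPACE_NAME)) {
      String name = ((NamespaceNameTree) tree.callee()).fullName().toLowerCase(Locale.ROOT);
      if (isRisky(name)) {
        context().newIssue(this, tree,
            "Call to \"" + name + "\" may lead to a buffer overflow; use a bounded alternative.");
      }
    }
    super.visitFunctionCall(tree); // keep descending into the call's arguments
  }

  /** Memoized assessment: a cache hit returns at once, a miss assesses and stores. */
  static boolean isRisky(String functionName) {
    Boolean cached = CACHE.get(functionName);
    if (cached != null) {
      return cached;
    }
    boolean risky = assess(functionName);
    CACHE.put(functionName, risky);
    saveCache();
    return risky;
  }

  /** The assessment step the cache short-circuits; here a plain membership test. */
  static boolean assess(String functionName) {
    return RISKY_FUNCTIONS.contains(functionName);
  }

  /** Reads "name=true|false" lines; a missing or unreadable file yields an empty cache. */
  static Map<String, Boolean> loadCache() {
    Map<String, Boolean> cache = new HashMap<>();
    if (!Files.exists(CACHE_FILE)) {
      return cache;
    }
    try {
      for (String line : Files.readAllLines(CACHE_FILE, StandardCharsets.UTF_8)) {
        int eq = line.indexOf('=');
        if (eq > 0) {
          cache.put(line.substring(0, eq).trim(),
              Boolean.parseBoolean(line.substring(eq + 1).trim()));
        }
      }
    } catch (IOException e) {
      cache.clear(); // a corrupt cache must never block the scan: start cold
    }
    return cache;
  }

  /** Persists the memo so the next scanner run starts warm. */
  static void saveCache() {
    List<String> lines = new ArrayList<>();
    for (Map.Entry<String, Boolean> e : CACHE.entrySet()) {
      lines.add(e.getKey() + "=" + e.getValue());
    }
    try {
      Files.createDirectories(CACHE_FILE.getParent());
      Files.write(CACHE_FILE, lines, StandardCharsets.UTF_8);
    } catch (IOException e) {
      // Best effort: losing the on-disk cache only costs time on the next run.
    }
  }
}
```

Two points worth checking before relying on a rule like this: it matches on the callee's name only, so a user-defined PHP function that happens to be called gets() is flagged as well, and a persisted verdict outlives changes to the assessment logic, so the cache file has to be cleared (or keyed by a rule version) whenever the list of risky functions or the assessment itself changes, otherwise a stale "false" silently suppresses a finding. As the abstract notes, the class still has to be registered through MyPhpRules and the plugin class before SonarQube will load it.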
Similar Theses
- Analysis of network security using machine learning methods
  Turkish title: Makine öğrenmesi yöntemleri kullanılarak ağ güvenirliği analizi
  Author: MARYAM SALATI; Degree: PhD; Language: English; Year: 2024
  Subject: Computer Engineering and Computer Science and Control; University: Ankara Üniversitesi; Department: Department of Computer Engineering
  Advisor: PROF. DR. İMAN ASKERBEYLİ
- Modeling and optimization of battery performance and fuel consumption in hybrid electric vehicles
  Turkish title: Hibrit elektrikli araçlarda batarya performans ve yakıt tüketimi değerlerinin modellenmesi ve optimizasyonu
  Author: YAVUZ ERAY ALTUN; Degree: PhD; Language: Turkish; Year: 2024
  Subject: Mechanical Engineering; University: İstanbul Teknik Üniversitesi; Department: Department of Mechanical Engineering
  Advisor: ASSOC. PROF. DR. OSMAN AKIN KUTLAR
- Neural network rule extraction using heuristic methods
  Turkish title: Sezgisel algoritmalar yardımıyla sinir ağlarından kural çıkarımı
  Author: ÖZLEM KANGA; Degree: Master's; Language: Turkish; Year: 2014
  Subject: Industry and Industrial Engineering; University: Uludağ Üniversitesi; Department: Department of Industrial Engineering
  Advisor: PROF. DR. ERDAL EMEL
- Priority based cooperative spectrum sharing in cognitive radio networks
  Turkish title: Bilişsel radyo ağlarda öncelik tabanlı, kooperatif spektrum paylaşımı
  Author: GÜLNUR SELDA UYANIK; Degree: Master's; Language: English; Year: 2011
  Subject: Computer Engineering and Computer Science and Control; University: İstanbul Teknik Üniversitesi; Department: Department of Computer Engineering
  Advisor: PROF. DR. SEMA OKTUĞ
- Relaying opportunities for wireless networks by applying network coding
  Turkish title: Kablosuz ağlar için ağ kodlamalı aktarma fırsatları
  Author: SEMİHA TEDİK BAŞARAN; Degree: PhD; Language: English; Year: 2019
  Subject: Electrical and Electronics Engineering; University: İstanbul Teknik Üniversitesi; Department: Department of Electronics and Communication Engineering
  Advisor: PROF. DR. GÜNEŞ ZEYNEP KARABULUT KURT