Research on Static Reverse Analysis Technology for Security Detection of Power Industrial Control Software

In the power industrial control software, defects of software and possible pre-implanted backdoors and malicious codes are important factors that threaten the security of the power industrial control system. The complete and accurate extraction of function call relationship is the basis of software security detection based on function call graph. Therefore, based on analyzing function call sequence of abnormal behavior of electric power industrial control software, a method of software static reverse analysis is proposed. The method identified the function call relationship optimized by the compiler to be a jmp instruction by searching the call/jmp instructions. In order to extract a simplified key function call relationship, a key function list was obtained by performing keyword fuzzy matching. Experiments show that this method can accurately and comprehensively obtain the function call relation, the simplified key function call relationship can improve the efficiency of reverse analysis and provide a better support for software defects, backdoors and malicious codes detection.