Computer Science ›› 2021, Vol. 48 ›› Issue (3): 320-326.doi: 10.11896/jsjkx.200700047

• Information Security • Previous Articles     Next Articles

Enhanced Binary Vulnerability Mining Based on Constraint Derivation

ZHENG Jian-yun, PANG Jian-min, ZHOU Xin, WANG Jun   

  1. State Key Laboratory of Mathematical Engineering and Advanced Computing,Zhengzhou 450002,China
  • Received:2020-07-09 Revised:2020-08-13 Online:2021-03-15 Published:2021-03-05
  • About author:ZHENG Jian-yun,born in 1987,master.His main research interests include computer architecture,information security and machine learning.
    PANG Jian-min,born in 1964,Ph.D,professor,Ph.D supervisor,is a senior member of China Computer Federation.His main research interests include computer architecture,information security and high performance computing.
  • Supported by:
    National Natural Science Foundation of China(61802433,61802435) and Zhijiang Lab(2018FD0ZX01).

Abstract: In recent years,using software similarity methods to mine the homologous vulnerabilities has been proved to be effective,but the existing methods still have some shortcomings in accuracy.Based on the existing software similarity methods,this paper proposes an enhanced similarity method based on constraint derivation.This method uses code normalizationand standardization to reduce the compilation noise,so that the decompiled code representations of homologous programs tend to be the same under different compilation conditions.By using the backward slicing technique,it extracts the constraint derivation of vulnerability function and vulnerability patch function.By comparing the similarity of two constraint derivations,the patch function that is easily misjudged as vulnerability function is filtered out,so as to reduce false positives of vulnerability miningresults.We implement a prototype called VulFind.Experimental results show that VulFind caneffectivelyimprove the accuracy of software similarity analysis and vulnerability mining results.

Key words: Binary code analysis, Code normalization, Constraint derivation, Software similarity, Vulnerability mining

CLC Number: 

  • TP311
[1]KRSUL I V.Software vulnerability analysis[M].Purdue Uni-versity,1998.
[2]ZOU Q C,ZHANG T,WU R P,et al.From automation to intelligence:Survey of research on vulnerability discovery techniques[J].Journal of Tsinghua University (Science and Technology),2018,58(12):1079-1094.
[3]XIONG H,YAN H H,GUO T,et al.Code Similarity Detection:A Survey[J].Computer Science,2010,37(8):9-13.
[4]LI Z,BIAN P,SHI W C,et al.Approach of leveraging patches to discover unknown vulnerabilities[J].Ruan Jian Xue Bao/Journal of Software,2018,29(5):1199-1212.
[5]DAVID Y,YAHAV E.Tracelet-based code search in executables[C]//PLDI ’14.Edinburgh,United Kingdom,2013:349-360.
[6]FENG Q,ZHOU R D,XU C C,et al.Scalable Graph-based Bug Search for Firmware Images[C]//ACM SIGSAC Conference on Computer & Communication Security.ACM,2016.
[7]DAVID Y,PARTUSH N,YAHAV E,et al.Statistical similarity of binaries[J].Programming Language Design and Implementation,2016,51(6):266-280.
[8]XU X J,LIU C,FENG Q,et al.Neural Network-based GraphEmbedding for Cross-Platform Binary Code Similarity Detection[C]//Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security(CCS ’17).2017:363-376.
[9]ZHANG X,PANG J,LIU X,et al.Common Program Similarity Metric Method for Anti-Obfuscation[J].IEEE Access,2018:47557-47565.
[11]XIONG H,YAN H H,GUO T,et al.Code Similarity Detection:A Survey[J].Computer Science,2010,37(8):9-13.
[12]DAVID Y,PARTUSH N,YAHAV E.Similarity of binariesthrough reoptimization[C]//PLDI 2017.Barcelona,Spain,2017:79-94.
[13]FENG Q,WANG M H,MU Z,et al.Extracting ConditionalFormulas for Cross-Platform Bug Search[C]//ASIA CCS ’17.2017:346-359.
[15]JHALA R,MAJUMDAR R.Path slicing[J].Acm Sigplan Notices,2005,40(6):38-47.
[16]DIAO X C,TAN M C,CAO J J.New method of character string similarity compute based on fusing multiple edit distances[J].Application Research of Computers,2010(12):4523-4525.
[17]DENG D,LI G,FENG J,et al.Top-k String Similarity Search with Edit-Distance Constraints[C]//2013 IEEE 29th International Conference Data Engineering (ICDE).IEEE,2013.
[18]KUHN H W.The Hungarian method for the assignment pro-blem[J].Naval Research Logistics,2010,52(1/2):7-21.
[20]DAI H,DAI B,SONG L.Discriminative Embeddings of Latent Variable Models for Structured Data[J].arXiv:1603.05629.
[21]RIBEIRO L F R,SAVERESE P H P,FIGUEIREDO D R.struc2vec:Learning Node Representations from Structural Identity[C]//the 23rd ACM SIGKDD International Conference.ACM,2017.
[22]GAO J,YANG X,FU Y,et al.VulSeeker:A Semantic Learning Based Vulnerability Seeker for Cross-Platform Binary[C]//2018 33rd IEEE/ACM International Conference on Automated Software Engineering (ASE).IEEE,2020.
[23]CHOPRA S,HADSELL R,LECUN Y.Learning a similaritymetric discriminatively,with application to face verification[C]//2005 IEEE Computer Society Conference on Computer Vision and Pattern Recognition (CVPR’05).IEEE,2005.
[24]SANDOUK U,CHEN K.Learning contextualized semantics from co-occurring terms via a Siamese architecture[M].Elsevier Science Ltd.,2016.
[1] LI Jia-li, CHEN Yong-le, LI Zhi, SUN Li-min. Mining RTSP Protocol Vulnerabilities Based on Traversal of Protocol State Graph [J]. Computer Science, 2018, 45(9): 171-176.
[2] SUO Yan-feng, WANG Shao-jie, QIN Yu, LI Qiu-xiang, FENG Da-jun and LI Jing-chun. Summary of Security Technology and Application in Industrial Control System [J]. Computer Science, 2018, 45(4): 25-33.
[3] ZHANG Ya-feng, HONG Zheng, WU Li-fa, ZHOU Zhen-ji and SUN He. Protocol State Based Fuzzing Method for Industrial Control Protocols [J]. Computer Science, 2017, 44(5): 132-140.
[4] HUANG Shou-meng, GAO Hua-ling and PAN Yu-xia. Summary of Research on Similarity Analysis of Software [J]. Computer Science, 2016, 43(Z6): 467-470.
[5] . Model Based Automatic Fuzzing Script Generation [J]. Computer Science, 2013, 40(3): 206-209.
[6] CHEN Tao,SUN Le-chang,PAN Zu-lie,LIU Jing-ju. Research on Software Vulnerability Mining Technique Based on File-format [J]. Computer Science, 2011, 38(Z10): 78-82.
Full text



No Suggested Reading articles found!