Research on Vulnerability Site Location and Vulnerability Similarity Technology

Authors: Xiaochen Wang, Baojiang Cui, Qian Ma, Xinda Xu
Year of publication: 2020
Subject:
Source: Innovative Mobile and Internet Services in Ubiquitous Computing ISBN: 9783030503987
IMIS
DOI: 10.1007/978-3-030-50399-4_61
Description: The existence of software vulnerabilities, especially 0day vulnerabilities, brings potential dangers to computer users, and more targeted network attacks occur frequently. Based on the dynamic instruction flow of software with vulnerabilities from startup to crash and the Windows exception handling mechanism, this paper proposes a software vulnerability crash site location technology at the basic block level (BBL). It then backtracks the program execution flow from the software crash point and extracts variable-length function sequences and abstract coded instruction sequences under specific constraints. Finally, fuzzy measurement and precise measurement are used to calculate the similarity of vulnerabilities. Vulnerability similarity experiments were performed on 23 CVE vulnerability samples. The similarity of different CVE vulnerability samples was less than 0.01%, and the similarity of different PoC samples of the same CVE vulnerability was as high as 99.7%. By establishing a complete vulnerability signature database, automatic verification of new vulnerabilities and identification of 0day vulnerabilities can be achieved.
Database: OpenAIRE