Biblio
Filters: Author is Washizaki, Hironori [Clear All Filters]
.
2022. Automatic labeling of the elements of a vulnerability report CVE with NLP. 2022 IEEE 23rd International Conference on Information Reuse and Integration for Data Science (IRI). :164—165.
Common Vulnerabilities and Exposures (CVE) databases contain information about vulnerabilities of software products and source code. If individual elements of CVE descriptions can be extracted and structured, then the data can be used to search and analyze CVE descriptions. Herein we propose a method to label each element in CVE descriptions by applying Named Entity Recognition (NER). For NER, we used BERT, a transformer-based natural language processing model. Using NER with machine learning can label information from CVE descriptions even if there are some distortions in the data. An experiment involving manually prepared label information for 1000 CVE descriptions shows that the labeling accuracy of the proposed method is about 0.81 for precision and about 0.89 for recall. In addition, we devise a way to train the data by dividing it into labels. Our proposed method can be used to label each element automatically from CVE descriptions.
.
2021. Feature Extraction Method for Cross-Architecture Binary Vulnerability Detection. 2021 IEEE 10th Global Conference on Consumer Electronics (GCCE). :834–836.
Vulnerability detection identifies defects in various commercial software. Because most vulnerability detection methods are based on the source code, they are not useful if the source code is unavailable. In this paper, we propose a binary vulnerability detection method and use our tool named BVD that extracts binary features with the help of an intermediate language and then detects the vulnerabilities using an embedding model. Sufficiently robust features allow the binaries compiled in cross-architecture to be compared. Consequently, a similarity evaluation provides more accurate results.
.
2020. Binary Similarity Analysis for Vulnerability Detection. 2020 IEEE 44th Annual Computers, Software, and Applications Conference (COMPSAC). :1121–1122.
Binary similarity has been widely used in function recognition and vulnerability detection. How to define a proper similarity is the key element in implementing a fast detection method. We proposed a scalable method to detect binary vulnerabilities based on similarity. Procedures lifted from binaries are divided into several comparable strands by data dependency, and those strands are transformed into a normalized form by our tool named VulneraBin, so that similarity can be determined between two procedures through a hash value comparison. The low computational complexity allows semantically equivalent code to be identified in binaries compiled from million lines of source code in a fast and accurate way.