VMPBL: Identifying Vulnerable Functions Based on Machine Learning Combining Patched Information and Binary Comparison Technique by LCS
Title | VMPBL: Identifying Vulnerable Functions Based on Machine Learning Combining Patched Information and Binary Comparison Technique by LCS |
Publication Type | Conference Paper |
Year of Publication | 2018 |
Authors | Liu, D., Li, Y., Tang, Y., Wang, B., Xie, W. |
Conference Name | 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE) |
ISBN Number | 978-1-5386-4388-4 |
Keywords | binary comparison, binary comparison technique, Classification algorithms, commas software security, composability, database management systems, feature extraction, K-Trace algorithm, knowledge database, learning (artificial intelligence), machine learning, machine learning algorithms, open source code, patch file, patched information, privacy, pubcrawl, real-world CWE vulnerabilities, resilience, Resiliency, security, security of data, Software, software security, source files, Tools, VMPBL, Vulnerability, vulnerability types, vulnerable functions, vulnerable-patched functions |
Abstract | Nowadays, most vendors apply the same open source code to their products, which is dangerous. In addition, when manufacturers release patches, they generally hide the exact location of the vulnerabilities. So, identifying vulnerabilities in binaries is crucial. However, just searching source program has a lower identifying accuracy of vulnerability, which requires operators further to differentiate searched results. Under this context, we propose VMPBL to enhance identifying the accuracy of vulnerability with the help of patch files. VMPBL, compared with other proposed schemes, uses patched functions according to its vulnerable functions in patch file to further distinguish results. We establish a prototype of VMPBL, which can effectively identify vulnerable function types and get rid of safe functions from results. Firstly, we get the potential vulnerable-patched functions by binary comparison technique based on K-Trace algorithm. Then we combine the functions with vulnerability and patch knowledge database to classify these function pairs and identify the possible vulnerable functions and the vulnerability types. Finally, we test some programs containing real-world CWE vulnerabilities, and one of the experimental results about CWE415 shows that the results returned from only searching source program are about twice as much as the results from VMPBL. We can see that using VMPBL can significantly reduce the false positive rate of discovering vulnerabilities compared with analyzing source files alone. |
URL | https://ieeexplore.ieee.org/document/8455982 |
DOI | 10.1109/TrustCom/BigDataSE.2018.00114 |
Citation Key | liu_vmpbl:_2018 |
- privacy
- vulnerable-patched functions
- vulnerable functions
- vulnerability types
- Vulnerability
- VMPBL
- tools
- source files
- software security
- Software
- security of data
- security
- Resiliency
- resilience
- real-world CWE vulnerabilities
- pubcrawl
- binary comparison
- patched information
- patch file
- open source code
- machine learning algorithms
- machine learning
- learning (artificial intelligence)
- knowledge database
- K-Trace algorithm
- feature extraction
- database management systems
- composability
- commas software security
- Classification algorithms
- binary comparison technique