Visible to the public VMPBL: Identifying Vulnerable Functions Based on Machine Learning Combining Patched Information and Binary Comparison Technique by LCS

TitleVMPBL: Identifying Vulnerable Functions Based on Machine Learning Combining Patched Information and Binary Comparison Technique by LCS
Publication TypeConference Paper
Year of Publication2018
AuthorsLiu, D., Li, Y., Tang, Y., Wang, B., Xie, W.
Conference Name2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE)
Keywordsbinary comparison, binary comparison technique, Classification algorithms, commas software security, composability, database management systems, feature extraction, K-Trace algorithm, knowledge database, learning (artificial intelligence), machine learning, machine learning algorithms, open source code, patch file, patched information, privacy, pubcrawl, real-world CWE vulnerabilities, resilience, Resiliency, security, security of data, Software, software security, source files, Tools, VMPBL, Vulnerability, vulnerability types, vulnerable functions, vulnerable-patched functions
Abstract

Nowadays, most vendors apply the same open source code to their products, which is dangerous. In addition, when manufacturers release patches, they generally hide the exact location of the vulnerabilities. So, identifying vulnerabilities in binaries is crucial. However, just searching source program has a lower identifying accuracy of vulnerability, which requires operators further to differentiate searched results. Under this context, we propose VMPBL to enhance identifying the accuracy of vulnerability with the help of patch files. VMPBL, compared with other proposed schemes, uses patched functions according to its vulnerable functions in patch file to further distinguish results. We establish a prototype of VMPBL, which can effectively identify vulnerable function types and get rid of safe functions from results. Firstly, we get the potential vulnerable-patched functions by binary comparison technique based on K-Trace algorithm. Then we combine the functions with vulnerability and patch knowledge database to classify these function pairs and identify the possible vulnerable functions and the vulnerability types. Finally, we test some programs containing real-world CWE vulnerabilities, and one of the experimental results about CWE415 shows that the results returned from only searching source program are about twice as much as the results from VMPBL. We can see that using VMPBL can significantly reduce the false positive rate of discovering vulnerabilities compared with analyzing source files alone.

URLhttps://ieeexplore.ieee.org/document/8455982
DOI10.1109/TrustCom/BigDataSE.2018.00114
Citation Keyliu_vmpbl:_2018