从自动化到智能化:软件漏洞挖掘技术进展

From automation to intelligence:Survey of research on vulnerability discovery techniques

近年来,随着软件规模和复杂度的日益增加,软件漏洞挖掘技术正逐渐向高度自动化和智能化演变,该文从传统漏洞挖掘技术和基于学习的智能化漏洞挖掘技术两方面深入调研和分析了相关的研究进展。首先,从静态和动态挖掘技术2方面详细介绍了传统漏洞挖掘技术的研究现状,涉及的技术包括模型检测、二进制比对、模糊测试、符号执行以及漏洞可利用性分析等,并分析了各项技术存在的问题,提出当前的研究难点是实现漏洞挖掘全自动化。然后,介绍了机器学习和深度学习技术在漏洞挖掘领域的应用,具体应用场景包括二进制函数识别、函数相似性检测、测试输入生成、路径约束求解等,并提出了其存在的机器学习算法不够健壮安全、算法选择依靠经验、数据样本不足、特征选择依赖专家知识等问题。最后,对未来研究工作进行了展望,提出应该围绕提高漏洞挖掘的精度和效率、提高自动化和智能化的程度这2方面展开工作。

In recent years,the increasing size and complexity of software packages has led to vulnerability discovery techniques gradually becoming more automatic and intelligent.This paper reviews the search characteristics of both traditional vulnerability discovery techniques and learning-based intelligent vulnerability discovery techniques.The tradiuonal techniques include static and dynamic vulnerability discovery techniques which involve model checking,binary comparisons,fuzzing,symbolic execution and vulnerability exploitability analyses.This paper analyzes the problems of each technique and the challenges for realizing full automation of vulnerability discovery.Then,this paper also reviews machine learning and deep learning techniques for vulnerability discovery that include binary funcuon identification,function similarity detection,test input generation,and path constraint solutions.Some challenges are the security and robustness of machine Xearning algorithms,algorithm selection,dataset collection, and feature selection.Finally,future research should focus on improving the accuracy and efficiency of vulnerability discovery algorithms and improving the automation and intelligence.