摘要
近年来,使用软件相似性方法挖掘软件中的同源漏洞已经被证明确实有效,但现有的方法在准确率方面还存在一定不足。在原有的软件相似性方法的基础上,文中提出了一种基于约束推导式的增强型相似性方法。该方法引入代码规范化和标准化处理技术以减少编译环境引起的噪声,使得同源程序在不同编译条件下的反编译代码表示尽量趋于相同;使用程序后向切片技术提取漏洞函数和漏洞补丁函数的约束推导式,通过两者约束推导式的相似性比较,过滤掉易被误判为漏洞函数的补丁函数,以减少漏洞挖掘结果中的误报。基于所提方法,实现了新的漏洞挖掘系统VulFind。实验结果表明,该系统可以提升软件相似性分析的准确率,使得漏洞挖掘结果的准确率得到有效提升。
In recent years,using software similarity methods to mine the homologous vulnerabilities has been proved to be effective,but the existing methods still have some shortcomings in accuracy.Based on the existing software similarity methods,this paper proposes an enhanced similarity method based on constraint derivation.This method uses code normalizationand standardization to reduce the compilation noise,so that the decompiled code representations of homologous programs tend to be the same under different compilation conditions.By using the backward slicing technique,it extracts the constraint derivation of vulnerability function and vulnerability patch function.By comparing the similarity of two constraint derivations,the patch function that is easily misjudged as vulnerability function is filtered out,so as to reduce false positives of vulnerability miningresults.We implement a prototype called VulFind.Experimental results show that VulFind caneffectivelyimprove the accuracy of software similarity analysis and vulnerability mining results.
作者
郑建云
庞建民
周鑫
王军
ZHENG Jian-yun;PANG Jian-min;ZHOU Xin;WANG Jun(State Key Laboratory of Mathematical Engineering and Advanced Computing,Zhengzhou 450002,China)
出处
《计算机科学》
CSCD
北大核心
2021年第3期320-326,共7页
Computer Science
基金
国家自然科学基金(61802433
61802435)
之江实验室(2018FD0ZX01)。
关键词
二进制代码分析
漏洞挖掘
软件相似性
代码规范化
约束推导式
Binary code analysis
Vulnerability mining
Software similarity
Code normalization
Constraint derivation
