Abstract
Software vulnerabilities are one of the main security threats faced by information systems, and most software exists in binary form. Studying effective methods for identifying vulnerability homology between binary program functions, and mining applications for vulnerabilities homologous to already disclosed ones, is therefore important for improving the security of software systems. Existing methods for binary program function vulnerability homology identification neglect the node sequence information of the control flow graph; to address this, this paper proposes a vulnerability homology identification method that integrates node sequence information. The method extracts the control flow graph of a binary program function, transforms it into an attributed control flow graph through feature engineering, and generates vector representations of the graph's nodes with a Structure2vec network. A long short-term memory network extracts node sequence features, and the node vectors are aggregated into a function vector representation. Combined with a Siamese neural network, the cosine distance is calculated to identify suspicious functions. Experimental results on multiple datasets show that the method comprehensively improves the efficiency and recall of binary program function vulnerability homology identification.
Authors
CHEN Liang; LI Jiawei; ZHOU Yingying (Beijing Branch of China National Computer Network Emergency Response Technical Team/Coordination Center, Beijing 100055, China; School of Information and Electronics, Beijing Institute of Technology, Beijing 100081, China)
Source
Journal of Shenyang Normal University: Natural Science Edition
CAS
2022, Issue 4, pp. 352-358 (7 pages)
Funding
National 242 Information Security Program project (2020A065).
Keywords
vulnerability homology identification
binary program function
long short-term memory network
high dimensional eigenvector