Binary Program Vulnerability Mining Based on Neural Network

Software security analysts typically only have access to the executable program and cannot directly access the source code of the program.This poses significant challenges to security analysis.While it is crucial to identify vulnerabilities in such non-source code programs,there exists a limited set of generalized tools due to the low versatility of current vulnerability mining methods.However,these tools suffer from some shortcomings.In terms of targeted fuzzing,the path searching for target points is not streamlined enough,and the completely random testing leads to an excessively large search space.Additionally,when it comes to code similarity analysis,there are issues with incomplete code feature extraction,which may result in information loss.In this paper,we propose a cross-platform and cross-architecture approach to exploit vulnerabilities using neural network obfuscation techniques.By leveraging the Angr framework,a deobfuscation technique is introduced,along with the adoption of a VEX-IR-based intermediate language conversion method.This combination allows for the unified handling of binary programs across various architectures,compilers,and compilation options.Subsequently,binary programs are processed to extract multi-level spatial features using a combination of a skip-gram model with self-attention mechanism and a bidirectional Long Short-Term Memory(LSTM)network.Finally,the graph embedding network is utilized to evaluate the similarity of program functionalities.Based on these similarity scores,a target function is determined,and symbolic execution is applied to solve the target function.The solved content serves as the initial seed for targeted fuzzing.The binary program is processed by using the de-obfuscation technique and intermediate language transformation method,and then the similarity of program functions is evaluated by using a graph embedding network,and symbolic execution is performed based on these similarity scores.This approach facilitates cross-architecture analysis of executable programs without their source codes and concurrently reduces the risk of symbolic execution path explosion.

A Survey on Binary Code Vulnerability Mining Technology

With the increase of software complexity,the security threats faced by the software are also increasing day by day.So people pay more and more attention to the mining of software vulnerabilities.Although source code has rich semantics and strong comprehensibility,source code vulnerability mining has been widely used and has achieved significant development.However,due to the protection of commercial interests and intellectual property rights,it is difficult to obtain source code.Therefore,the research on the vulnerability mining technology of binary code has strong practical value.Based on the investigation of related technologies,this article firstly introduces the current typical binary vulnerability analysis framework,and then briefly introduces the research background and significance of the intermediate language;with the rise of artificial intelligence,a large number of machine learning methods have been tried to solve the problem of binary vulnerability mining.This article divides the current related binary vulnerabilities mining technology into traditional mining technology and machine learning mining technology,respectively introduces its basic principles,research status and existing problems,and briefly summarizes them.Finally,based on the existing research work,this article puts forward the prospect of the future research on the technology of binary program vulnerability mining.

Research on Known Vulnerability Detection Method Based on Firmware Analysis

At present,the network security situation is becoming more and more serious.Malicious network attacks such as computer viruses,Trojans and hacker attacks are becoming more and more rampant.National and group network attacks such as network information war and network terrorism have a serious damage to the production and life of the whole society.At the same time,with the rapid development of Internet of Things and the arrival of 5G era,IoT devices as an important part of industrial Internet system,have become an important target of infiltration attacks by hostile forces.This paper describes the challenges facing firmware vulnerability detection at this stage,and introduces four automatic detection and utilization technologies in detail:based on patch comparison,based on control flow,based on data flow and ROP attack against buffer vulnerabilities.On the basis of clarifying its core idea,main steps and experimental results,the limitations of its method are proposed.Finally,combined with four automatic detection methods,this paper summarizes the known vulnerability detection steps based on firmware analysis,and looks forward to the follow-up work.

PS-Fuzz:Efficient Graybox Firmware Fuzzing Based on Protocol State

The rise of the Internet of Things(IoT)exposes more and more important embedded devices to the network,which poses a serious threat to people’s lives and property.Therefore,ensuring the safety of embedded devices is a very important task.Fuzzing is currently the most effective technique for discovering vulnerabilities.In this work,we proposed PS-Fuzz(Protocol State Fuzz),a gray-box fuzzing technique based on protocol state orientation.By instrumenting the program that handles protocol fields in the firmware,the problem of lack of guidance information in common protocol fuzzing is solved.By recording and comparing state transition paths,the program can be quickly booted,thereby greatly improving the efficiency of fuzzing.More importantly,the tool utilizes the synchronous execution of the firmware simulator and the firmware program,which can collect and record system information in the event of a crash from multiple dimensions,providing assistance for further research.Our evaluation results show that for the same vulnerability,the efficiency of PS-Fuzz is about 8 times that of boofuzz under ideal conditions.Even rough instrumentation efficiency can reach 2 times that of boofuzz.In addition,PS-Fuzz can provide at least 6 items more information than boofuzz under the same circumstances.

Embedded fuzzing:a review of challenges,tools,and solutions

Fuzzing has become one of the best-established methods to uncover software bugs.Meanwhile,the market of embedded systems,which binds the software execution tightly to the very hardware architecture,has grown at a steady pace,and that pace is anticipated to become yet more sustained in the near future.Embedded systems also beneft from fuzzing,but the innumerable existing architectures and hardware peripherals complicate the development of general and usable approaches,hence a plethora of tools have recently appeared.Here comes a stringent need for a systematic review in the area of fuzzing approaches for embedded systems,which we term'embedded fuzzing"for brevity.The inclusion criteria chosen in this article are semi-objective in their coverage of the most relevant publication venues as well as of our personal judgement.The review rests on a formal definition we develop to represent the realm of embedded fuzzing.It continues by discussing the approaches that satisfy the inclusion criteria,then defines the relevant elements of comparison and groups the approaches according to how the execution environment is served to the system under test.The resulting review produces a table with 42 entries,which in turn supports discussion suggesting vast room for future research due to the limitations noted.