LI Zhen,ZOU Deqing,WANG Zeli,JIN Hai

DOI: https://doi.org/10.11959/j.issn.2096-109x.2019001

2019-01-01

Abstract:Static software vulnerability detection is mainly divided into two types according to different analysis objects: vulnerability detection for binary code and vulnerability detection for source code. Because the source code contains more semantic information, it is more favored by code auditors. The existing vulnerability detection research works for source code are summarized from four aspects: code similarity-based vulnerability detection, symbolic execution-based vulnerability detection, rule-based vulnerability detection, and machine learning-based vulnerability detection. The vulnerability detection system based on source code similarity and the intelligent software vulnerability detection system for source code are taken as two examples to introduce the process of vulnerability detection in detail.

HU Chaojian,ZHANG Jia,LI Zhoujun,SHI Zhiwei,ZHANG Yan

DOI: https://doi.org/10.3321/j.issn:1000-0054.2009.z2.017

2009-01-01

Abstract:Since there are semantic differences between a source code and its executable code, analysis of only the source code may miss some vulnerabilities in the executable code.Typical vulnerability patterns were analyzed to design a security vulnerability detection tool to work directly on executables.The system combines static disassembly analysis, dynamic auto-debugging and function based argument injection.The tool successfully found buffer overflow vulnerabilities in both a CVE (common vulnerabilities & exposures) benchmark and two real executables.The resuIts show that this detection method can be used to directly detect security vulnerabilities in executable codes.

Jun KONG,Wei-ming WU,Yong-hao GU

DOI: https://doi.org/10.3969/j.issn.1003-6970.2016.11.032

2016-01-01

Abstract:With the rapid development of information technology, the application software continues to expand the scale of software security issues more and more frequent, so how to guarantee and improve the quality of software has become a problem of concern. Research shows that the cost of correcting errors in the testing phase is 10 times more than that of the code, so the quality of the software can be greatly reduced by static analysis. Software testing based on defect pattern is a technique developed in recent years, the source code static analysis, mainly for software defect detec-tion and prevention automatically or semi automatically, this kind of defect detection tool due to the characteristics of high efficiency and simple to use, has been widely used in software testing. The so-called defect mode, is refers to the procedure often occurs the mistake or the flaw place presents the specific rule. Defect modes are often summed up by people or testers who are experienced in the field of program design. In this paper, the use of open source software as an experimental tool, the use of static analysis of the relevant theory, the definition of the software test software project to do some of the existing problems.

KONG De-guang,ZHENG Quan,CHEN Chao,SHUAI Jian-mei,ZHU Ming,DAI Wei

2008-01-01

Abstract:To cope with the problem of high false positives and false negatives in source code static analysis methods,this paper presents a source code static analysis technology for vulnerability detection based on data fusion.This technology interprets and makes data fusion on the outcome of different static analysis methods,which greatly decrease the false positives and false negatives.A prototype system of scalable source code analysis tool is designed and implemented which can automatically search for the best result based on feedback of the users.It is proved by experiment that this method has a better performance with lower false positives and false negatives compared with one single method.

YU Xiu-Mei,LIANG Bin,CHEN Hong,XIE Su-Bin,WANG Mei-Lin

DOI: https://doi.org/10.3969/j.issn.1003-6059.2012.04.019

2012-01-01

Pattern Recognition and Artificial Intelligence

Abstract:A large number of widespread source systems make the security of source code of software increasingly important. Multi-variable access correlation rules are mined by the path-sensitive method and the defects caused by inconsistent access to correlated variables are detected automatically in the large-scale source code systems. Multi-variable access correlations can be mined via logical information of source code and sensitive path information, which avoids fault from the insensitive path method. The effective solutions to the uneven distribution of path weight and the path explosion problems are presented. The presented method is verified by Linux system, and the experimental result shows that it mines correct multi-variable access correlations.

Chen Liang,Qiang Wei,Jiang Du,Yisen Wang,Zirui Jiang

DOI: https://doi.org/10.1016/j.cose.2024.104098

IF: 5.105

2025-01-01

Computers & Security

Abstract:Amidst the rapid development of the software industry and the burgeoning open-source culture, vulnerability detection within the software security domain has emerged as an ever-expanding area of focus. In recent years, the rapid advancement of artificial intelligence, particularly the notable progress in deep learning for pattern recognition and natural language processing, has catalyzed a surge in research endeavors exploring the integration of deep learning for the enhancement of vulnerability detection techniques.In this paper, we investigate contemporary deep learning-based source code analysis methods, with a concentrated emphasis on those pertaining to static code vulnerability detection. We categorize these methods based on various representations of source code employed during the preprocessing stage, including token-based and graph-based representations of source code, and further subdivided based on the types of deep learning algorithms or graph representations employed. We summarize the basic processes of model training and vulnerability detection under these different representation formats. Furthermore, we explore the limitations inherent in current approaches and provide insights into future trends and challenges for research in this field.

Yan Wang,Peng Jia,Xi Peng,Cheng Huang,Jiayong Liu

DOI: https://doi.org/10.1016/j.cose.2022.103023

IF: 5.105

2022-01-01

Computers & Security

Abstract:Static detection of security vulnerabilities in binary programs is an important research field in software supply chain security. However, existing vulnerability detection methods based on code similarity can only detect known vulnerabilities. Vulnerability features generated by vulnerability pattern-based detection methods are low robust due to the influence of manually defined patterns, compiler diversity, and irrelevant function instructions. In this paper, we propose BinVulDet, which is a binary level vulnerability detection tool for accurate known and unknown vulnerability detection. BinVulDet uses decompilation techniques to obtain pseudo code containing high-level semantic information against the impact of compilation diversity. Then the program slicing technique is used to extract the statements with data dependencies and control dependencies related to the vulnerability. A BiLSTM-attention neural network is used to extract rich contextual semantic information from slice codes to generate more robust vulnerability patterns to detect vulnerabilities. The experimental results show that BinVulDet outperforms the state-of-the-art binary vulnerability detection methods. The FPR and FNR of BinVulDet are 1.04% and 0.89% on average, respectively, which are 3.93% and 22.86% lower than the baseline model on average. BinVulDet can effectively against the influence of compilation diversity and successfully be used for real-world vulnerability detection by being evaluated in three CVE vulnerability projects.

Jinxin Zhong -,Wenqing Fan -,Jing An -,Miao Zhang -,Yixian Yang -

DOI: https://doi.org/10.4156/jdcta.vol6.issue4.15

2012-01-01

International Journal of Digital Content Technology and its Applications

Abstract:Nowadays, Vulnerability exploiting has become a major means of malicious code communication. In order to solve the problem that polymorphic and metamorphic vulnerability exploit variants is difficult to detect, it presents a method of detecting vulnerability exploits based on binary behavior analysis in this paper. The method track and monitor the memory and register changes the binary file's behavior results, and have a formal verification on application's behavior through intermediate‐level language. In this paper, we examine the performance of binary analysis by taking two sets of experiments for separate targets, one is 13 local file vulnerabilities, the other is web browser vulnerabilities. The results show that the exploits detection method based on binary behavior analysis can be effectively used for analysis and detection of the vulnerabilities, also with significantly reduced time and space complexity.

Shouguo Yang,Zhengzi Xu,Yang Xiao,Zhe Lang,Wei Tang,Yang Liu,Zhiqiang Shi,Hong Li,Limin Sun

DOI: https://doi.org/10.1145/3604608

IF: 3.685

2023-06-17

ACM Transactions on Software Engineering and Methodology

Abstract:Vulnerability is a major threat to software security. It has been proven that binary code similarity detection approaches are efficient to search for recurring vulnerabilities introduced by code sharing in binary software. However, these approaches suffer from high false-positive rates since they usually take the patched functions as vulnerable, and they usually do not work well when binaries are compiled with different compilation settings. To this end, we propose an approach, named Robin , to confirm recurring vulnerabilities by filtering out patched functions. Robin is powered by a lightweight symbolic execution to solve the set of function inputs that can lead to the vulnerability-related code. It then executes the target functions with the same inputs to capture the vulnerable or patched behaviors for patched function filtration. Experimental results show that Robin achieves high accuracy for patch detection across different compilers and compiler optimization levels respectively on 287 real-world vulnerabilities of 10 different software. Based on accurate patch detection, Robin significantly reduces the false-positive rate of state-of-the-art vulnerability detection tools (by 94.3% on average), making them more practical. Robin additionally detects 12 new potentially vulnerable functions.

computer science, software engineering

Zhibin Guan,Xiaomeng Wang,Wei Xin,Jiajie Wang,Li Zhang

DOI: https://doi.org/10.1109/icccs49078.2020.9118556

2020-01-01

Abstract:With the rapid development of information technology, various software applications are flooding our daily lives. The development of these application software inevitably generates a lot of source code. How to detect and analyze various defects in the source code, such as API/Function call errors, array misuse, and expression syntax error, etc., which is known as source code defect analysis (SCDA), has attracted the attention of many researchers in the academic field. Since artificial intelligence (AI) technology has achieved excellent results in the field of image processing and natural language processing, researchers have tried to use deep learning algorithms in AI to automatically extract and analyze features of source code. Therefore, we review the recent deep learning-based source code defect analysis methods, including abstract syntax tree-based methods, program dependency graph-based methods, and other deep learning-based methods. Compared to traditional methods, the deep learning-based code defect analysis methods can realize the automatic extraction of source code defect features. This means that there is no longer a need for human experts to pre-define code features, which avoids errors caused by humans to a certain extent. The application research of AI in the source code defect analysis is an interesting and challenging development direction, and we believe it has broad development prospects.

Bojiang Liu,Lijin Wu,Xiaomei Shen,Wei He,Xinyu Han

DOI: https://doi.org/10.1109/dsa56465.2022.00141

2022-01-01

Abstract:This paper takes the shipbuilding industry software as the research object, uses the dynamic binary code technology to track the instructions to realize the program defect detection, records the instruction flow, data flow and the execution of each instruction on the system state during the program execution at the assembly instruction level. The impact and other information are studied from the dynamic binary code analysis method and the tracking and debugging model. Finally, the advantages and disadvantages of this method are given according to the effect of software vulnerability mining in the shipbuilding industry.

An Xifeng,Li Weihua,Pan Wei

DOI: https://doi.org/10.1109/ISKE.2008.4730998

2008-01-01

Abstract:Through comprehensive analysis of software security vulnerability, a novel vulnerability detecting method based on similar characteristic is proposed in this paper. The method aims at C Code security detection. Based on Case-based Reasoning technology, the method performs similarity matching between security characteristic of source code and the characteristic of known security vulnerabilities, and calculates the similarity to determine if the code has security vulnerabilities. The experiments demonstrate that the presented method can effectively improve the veracity and efficiency of vulnerability detection. And it solves the problems that current detecting methods based on rule-matching cannot rapidly and accurately handle the large-scale legacy software and structurecomplicated software. Furthermore, the definition and selection of threshold also improves the adaptability and agility of detecting method. © 2008 IEEE.

Hui He,Dongyan Zhang,Min Liu,Weizhe Zhang,Dongmin Gao

DOI: https://doi.org/10.1155/2014/463912

2014-01-01

Abstract:Software security defects have a serious impact on the software quality and reliability. It is a major hidden danger for the operation of a system that a software system has some security flaws. When the scale of the software increases, its vulnerability has becoming much more difficult to find out. Once these vulnerabilities are exploited, it may lead to great loss. In this situation, the concept of Software Assurance is carried out by some experts. And the automated fault localization technique is a part of the research of Software Assurance. Currently, automated fault localization method includes coverage based fault localization (CBFL) and program slicing. Both of the methods have their own location advantages and defects. In this paper, we have put forward a new method, named Reverse Data Dependence Analysis Model, which integrates the two methods by analyzing the program structure. On this basis, we finally proposed a new automated fault localization method. This method not only is automation lossless but also changes the basic location unit into single sentence, which makes the location effect more accurate. Through several experiments, we proved that our method is more effective. Furthermore, we analyzed the effectiveness among these existing methods and different faults.

LI Xiao-nan,FAN Ming-yu,WANG Guang-wei

DOI: https://doi.org/10.3969/j.issn.1001-3695.2011.08.054

2011-01-01

Abstract:To cope with the problem of high false negatives and false positives in source code static analysis methods with a static test tool,this paper presented a static analysis detection method for safety defects detection based on several static test tools.This method made statistical analysis on the outcome of different static test tools,which greatly decreased the false negatives and false positives.It designed and implemented a scalable source code static analysis tool platform,and it was proved by experiment that this platform has a better performance with lower false negatives and false positives compared with one single static test tool.

Hongyu Yang,Haiyun Yang,Liang Zhang,Xiang Cheng

DOI: https://doi.org/10.1109/trustcom56396.2022.00070

2022-01-01

Abstract:Aiming at the fact that the existing source code vulnerability detection methods did not explicitly maintain the semantic information related to the vulnerability in the source code, which made it difficult for the vulnerability detection model to extract the vulnerability sentence features and had a high detection false positive rate, a source code vulnerability detection method based on the vulnerability dependency graph is proposed. Firstly, the candidate vulnerability sentences of the function were matched, and the vulnerability dependency representation graph corresponding to the function was generated by analyzing the multi-layer control dependencies and data dependencies of the candidate vulnerability sentences. Secondly, abstracted the function name and variable name of the code sentences node and generated the initial representation vector of the code sentence nodes in the vulnerability dependency representation graph. Finally, the source code vulnerability detection model based on the heterogeneous graph transformer was used to learn the context information of the code sentence nodes in the vulnerability dependency representation graph. In this paper, the proposed method was verified on three datasets. The experimental results show that the proposed method have better performance in source code vulnerability detection, and the recall rate is increased by 1.50%~22.27%, and the F1 score is increased by 1.86%~16.69%, which is better than the existing methods.

HUANG Hui,LU Yu-liang,XIA Yang

DOI: https://doi.org/10.3969/j.issn.1001-3695.2013.09.064

2013-01-01

Abstract:Aiming towards automatic defect detection for binary programs,based on software virtual machine's dynamic binary translation and taint propagation,this paper studied mechanisms necessary for symbolic execution including program's run-time semantics' extraction,intermediate language based symbolic calculation,enhanced the path-scheduling mechanism in traditional dynamic symbolic execution,analyzed symbolic asserts' expressions for common program defects,with an online dynamic symbolic execution system built up detecting defects in binary programs.Experiments prove the method's effectiveness in defect detection for real binary programs.

Lian Yu,Jun Zhou,Yue Yi,Jianchu Fan,Qianxiang Wang

DOI: https://doi.org/10.1109/qsic.2009.10

2009-01-01

Abstract:Static analysis works well at checking defects that clearly map to source code constructs. Model checking can find defects of deadlocks and routing loops that are not easily detected by static analysis, but faces the problem of state explosion. This paper proposes a hybrid approach to detecting security defects in programs. Fuzzy Inference System is used to infer selection among the two detection approaches. A cluster algorithm is developed to divide a large system into several clusters in order to apply model checking. Ontology based static analysis employs logic reasoning to intelligently detect the defects. We also put forwards strategies to improve performance of the static analysis. At last, we perform experiments to evaluate the accuracy and performance of the hybrid approach.

GU Ke,LIU Chao,JIN Mao-zhong

DOI: https://doi.org/10.3969/j.issn.1001-3695.2009.05.008

2009-01-01

Abstract:The C++ program which is all right in compiling process does not always insure there are no defects in the code.For the reason that there may be defects relative to securities,design and code style,it may result in memory leak,misuse of pointers or make the program code unclearly and unreadable.The defects will place bad impact on the normal running and the maintain ability of the software.This paper introduced a good technology of defect-extendable automated C++ code defect detection,including two methods to detect the defects,a description of defect rules based on XPath technology and an introduction of the C++ defect automation detector.Furthermore,analyzed the detector in stability,credibility and easy-to-use by experiment.

TIAN Shuo,LIANG Hong-liang

DOI: https://doi.org/10.3969/j.issn.1002-137X.2009.07.002

2009-01-01

Computer Science

Abstract:A survey of static analysis methods for binary code vulnerabilities was provided.Based on summing up exis-ting static detect methods for vulnerabilities,the general procedural of binary static analysis was modeled,and transforming program information into expressive and generic intermediate representation was regarded as the key component of the analysis and as a important research direction.

Yevhenii Kubiuk,Gennadiy Kyselov

DOI: https://doi.org/10.15587/2706-5448.2021.233534

2021-06-30

Technology audit and production reserves

Abstract:The object of research of this work is the methods of deep learning for source code vulnerability detection. One of the most problematic areas is the use of only one approach in the code analysis process: the approach based on the AST (abstract syntax tree) or the approach based on the program dependence graph (PDG). In this paper, a comparative analysis of two approaches for source code vulnerability detection was conducted: approaches based on AST and approaches based on the PDG. In this paper, various topologies of neural networks were analyzed. They are used in approaches based on the AST and PDG. As the result of the comparison, the advantages and disadvantages of each approach were determined, and the results were summarized in the corresponding comparison tables. As a result of the analysis, it was determined that the use of BLSTM (Bidirectional Long Short Term Memory) and BGRU (Bidirectional Gated Linear Unit) gives the best result in terms of problems of source code vulnerability detection. As the analysis showed, the most effective approach for source code vulnerability detection systems is a method that uses an intermediate representation of the code, which allows getting a language-independent tool. Also, in this work, our own algorithm for the source code analysis system is proposed, which is able to perform the following operations: predict the source code vulnerability, classify the source code vulnerability, and generate a corresponding patch for the found vulnerability. A detailed analysis of the proposed system’s unresolved issues is provided, which is planned to investigate in future researches. The proposed system could help speed up the software development process as well as reduce the number of software code vulnerabilities. Software developers, as well as specialists in the field of cybersecurity, can be stakeholders of the proposed system.