Detection and Information Extraction of Similar Basic Blocks Used for Directed Greybox Fuzzing

  • Conference paper
Artificial Intelligence and Security (ICAIS 2020)

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 12240))

Abstract

Directed gray-box fuzzing generates input samples with the objective of reaching a given set of target program locations efficiently, which improves fuzzing efficiency and reduces time cost. This scheme is well suited to finding vulnerabilities hidden in update patches, and it relies heavily on feature extraction of target blocks. The starting point of this paper is whether the target program contains other basic blocks with similar features that can be used to speed up vulnerability fuzzing. Our main work focuses on static analysis of the target program to find blocks with similar features. We propose a similarity feature discovery model for blocks by designing a basic feature description vector for each block. We extract standard features of malicious basic blocks from the LAVA dataset, with which we can quickly fuzz basic blocks in the target program that have similar characteristics and may pose potential threats. Through experiments, we find other basic blocks similar to the malicious basic blocks and add them to the dataset, which speeds up vulnerability fuzzing in directed gray-box fuzzing mode.

Acknowledgement

This work was supported by Natural Science Foundation of China (61702013), Joint of Beijing Natural Science Foundation and Education Commission (KZ201810009011), Science and Technology Innovation Project of North China University of Technology (19XN108).

Corresponding author

Correspondence to Yanhui Guo.

Copyright information

© 2020 Springer Nature Switzerland AG

About this paper

Cite this paper

Du, C., Liu, S., Guo, Y., Si, L., Jin, T. (2020). Detection and Information Extraction of Similar Basic Blocks Used for Directed Greybox Fuzzing. In: Sun, X., Wang, J., Bertino, E. (eds) Artificial Intelligence and Security. ICAIS 2020. Lecture Notes in Computer Science, vol 12240. Springer, Cham. https://doi.org/10.1007/978-3-030-57881-7_32

  • DOI: https://doi.org/10.1007/978-3-030-57881-7_32

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-57880-0

  • Online ISBN: 978-3-030-57881-7

  • eBook Packages: Computer Science, Computer Science (R0)
