In this paper 1 we propose a new approach to detect integer overflow vulnerabilities in executable x86-architecture code. The approach is based on symbolic execution of the code and the dual representation of memory. We build truncated control flow graph, based on the machine code. Layers in that graph are checked for the feasibility of vulnerability conditions. The proposed methods were implemented and experimentally tested on executable code.
Abstract. In this article the authors give a consideration to a problem of detecting errors and vulnerabilities in software components of different digital devices. The article shows an everincreasing criticality of this problem in the course of time related to development of modern concepts the Industrial Internet and the Industry 4.0. It gives an overview of modern approaches to application of methods of computer-assisted learning and artificial intellect in the sphere of cyber security, problems and prospects of application thereof. A new approach is offered to searching software vulnerabilities on the basis of application of deep learning. The approach is based on building semantically significant vector representations of software code and multistage instructing the deep neural network on revealing hierarchical abstractions in computer code testifying to presence of vulnerabilities. The authors describe specific features of the goal of analyzing software code for presence of vulnerabilities and proceeding thereof it is offered to use a neural network with long short-term memory (LSTM). In order to solve a problem of the learning set, the authors offer to use learning with transfer in case of building vector representations of instructions. The article also provides results of experimental investigations on application of offered solutions.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.