BVDetector: A program slice-based binary code vulnerability intelligent detection system

Tian, Junfeng; Xing, Weihong; Li, Zhen

doi:10.1016/j.infsof.2020.106289

Cited by 36 publications

(23 citation statements)

References 5 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We compare the proposed system with the approaches presented in [35] (denoted as VulDeePecker) and [15] (denoted as BVDetector). VulDeePecke detects vulnerabilities at the source code level, while BVDetector detects vulnerabilities at the assembly code level.…”

Section: Resultmentioning

confidence: 99%

“…Liu et al [22] employed the attention mechanism on top of a bidirectional long short-term memory to detect assembly code vulnerabilities. Tian et al [15] extracted code slices from assembly codes in their vulnerability detection system. A summary of the above studies is presented in Table 1, where we have highlighted the key differences of different works.…”

Section: Vulnerability Detection By Assembly Codementioning

confidence: 99%

“…is method has a high detection effectiveness; however, the detection speed is too slow for large-scale code detection. In order to balance the detection speed and accuracy, we use a similar token sequence-based deep learning model as those in [10][11][12]15]. ese methods extract the token sequences related to the vulnerability information.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

A Vulnerability Detection System Based on Fusion of Assembly Code and Source Code

Feng

et al. 2021

Security and Communication Networks

View full text Add to dashboard Cite

Software vulnerabilities are one of the important reasons for network intrusion. It is vital to detect and fix vulnerabilities in a timely manner. Existing vulnerability detection methods usually rely on single code models, which may miss some vulnerabilities. This paper implements a vulnerability detection system by combining source code and assembly code models. First, code slices are extracted from the source code and assembly code. Second, these slices are aligned by the proposed code alignment algorithm. Third, aligned code slices are converted into vector and input into a hyper fusion-based deep learning model. Experiments are carried out to verify the system. The results show that the system presents a stable and convergent detection performance.

show abstract

Section: Resultmentioning

confidence: 99%

Section: Vulnerability Detection By Assembly Codementioning

confidence: 99%

See 1 more Smart Citation

A Vulnerability Detection System Based on Fusion of Assembly Code and Source Code

Feng

et al. 2021

Security and Communication Networks

View full text Add to dashboard Cite

show abstract

“…The source code of the smart contract is in unstructured form; thus, we need to learn the structure features of the smart contract code for better Ponzi scheme contract detection [ 48 , 49 , 50 ]. Therefore, instead of using the plain source code directly as the input of the model, we parse the source code into an Abstract Syntax Tree (AST) according to the ANTLR [ 51 ] syntax rules and then generate a Structure-Based Traversal (SBT) sequence from the AST using the SBT method [ 12 ].…”

Section: Smart Ponzi Scheme Detection Modelmentioning

confidence: 99%

Improving Ponzi Scheme Contract Detection Using Multi-Channel TextCNN and Transformer

Dai¹,

et al. 2021

Sensors

View full text Add to dashboard Cite

With the development of blockchain technologies, many Ponzi schemes disguise themselves under the veil of smart contracts. The Ponzi scheme contracts cause serious financial losses, which has a bad effect on the blockchain. Existing Ponzi scheme contract detection studies have mainly focused on extracting hand-crafted features and training a machine learning classifier to detect Ponzi scheme contracts. However, the hand-crafted features cannot capture the structural and semantic feature of the source code. Therefore, in this study, we propose a Ponzi scheme contract detection method called MTCformer (Multi-channel Text Convolutional Neural Networks and Transofrmer). In order to reserve the structural information of the source code, the MTCformer first converts the Abstract Syntax Tree (AST) of the smart contract code to the specially formatted code token sequence via the Structure-Based Traversal (SBT) method. Then, the MTCformer uses multi-channel TextCNN (Text Convolutional Neural Networks) to learn local structural and semantic features from the code token sequence. Next, the MTCformer employs the Transformer to capture the long-range dependencies of code tokens. Finally, a fully connected neural network with a cost-sensitive loss function in the MTCformer is used for classification. The experimental results show that the MTCformer is superior to the state-of-the-art methods and its variants in Ponzi scheme contract detection.

show abstract

“…the opcode and operand fragments, are encoded using a custom word2vec [16] model. BVDetector [20] operates based on pre-extracted program slices. It relies on a per-token word2vec encoding.…”

Section: Vulnerability Detection Using Assembly Language Representationsmentioning

confidence: 99%

ROMEO: Exploring Juliet through the Lens of Assembly Language

Brust¹,

Gruner²,

Sonnekalb³

2021

Preprint

View full text Add to dashboard Cite

Automatic vulnerability detection on C/C++ source code has benefitted from the introduction of machine learning to the field, with many recent publications considering this combination. In contrast, assembly language or machine code artifacts receive little attention, although there are compelling reasons to study them. They are more representative of what is executed, more easily incorporated in dynamic analysis and in the case of closed-source code, there is no alternative.We propose ROMEO, a publicly available, reproducible and reusable binary vulnerability detection benchmark dataset derived from the Juliet test suite. Alongside, we introduce a simple text-based assembly language representation that includes context for function-spanning vulnerability detection and semantics to detect high-level vulnerabilities. Finally, we show that this representation, combined with an off-the-shelf classifier, compares favorably to state-of-the-art methods, including those operating on the full C/C++ code.

show abstract

BVDetector: A program slice-based binary code vulnerability intelligent detection system

Cited by 36 publications

References 5 publications

A Vulnerability Detection System Based on Fusion of Assembly Code and Source Code

A Vulnerability Detection System Based on Fusion of Assembly Code and Source Code

Improving Ponzi Scheme Contract Detection Using Multi-Channel TextCNN and Transformer

ROMEO: Exploring Juliet through the Lens of Assembly Language

Contact Info

Product

Resources

About