SemHunt: Identifying Vulnerability Type with Double Validation in Binary Code

Li, Yao; Xu, Weiyang; Tang, Yong; Mi, Xianya; Wang, Baosheng

doi:10.18293/seke2017-117

Cited by 7 publications

(5 citation statements)

References 10 publications

(7 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…It not only presents precise, fine-grained and quantitative results about the differences at a whole binary scale but also explicitly reveals how code evolves across different versions or optimization levels. Because of the precision and fine-granularity, it has enabled many critical security usages in various scenarios when program-wide analysis is required, such as changed parts locating [1], malware analysis [28], [45], security patch analysis [55], [38], binary wide plagiarism detection [40] and patch-based exploit generation [11]. As a result, binary diffing has been an active research focus.…”

Section: Introductionmentioning

confidence: 99%

DeepBinDiff: Learning Program-Wide Code Representations for Binary Diffing

Duan¹,

Li²,

Wang³

et al. 2020

Proceedings 2020 Network and Distributed System Security Symposium

119

View full text Add to dashboard Cite

Binary diffing analysis quantitatively measures the differences between two given binaries and produces fine-grained basic block level matching. It has been widely used to enable different kinds of critical security analysis. However, all existing program analysis and machine learning based techniques suffer from low accuracy, poor scalability, coarse granularity, or require extensive labeled training data to function. In this paper, we propose an unsupervised program-wide code representation learning technique to solve the problem. We rely on both the code semantic information and the program-wide control flow information to generate basic block embeddings. Furthermore, we propose a khop greedy matching algorithm to find the optimal diffing results using the generated block embeddings. We implement a prototype called DEEPBINDIFF and evaluate its effectiveness and efficiency with a large number of binaries. The results show that our tool outperforms the state-of-the-art binary diffing tools by a large margin for both cross-version and cross-optimization-level diffing. A case study for OpenSSL using real-world vulnerabilities further demonstrates the usefulness of our system.

show abstract

Section: Introductionmentioning

confidence: 99%

DeepBinDiff: Learning Program-Wide Code Representations for Binary Diffing

Duan¹,

Li²,

Wang³

et al. 2020

Proceedings 2020 Network and Distributed System Security Symposium

119

View full text Add to dashboard Cite

show abstract

“…Binary code similarity comparison is used for detecting whether two given binary functions are similar. It plays an essential role in many computer security applications, including code clone detection [1][2][3][4], malware classification [5][6][7][8], security patch analysis [9,10], and vulnerability discovery [11][12][13]. However, with the increase of various options for compilation settings, the binary code similarity comparison faces some severe challenges.…”

Section: Introductionmentioning

confidence: 99%

Hierarchical Attention Graph Embedding Networks for Binary Code Similarity against Compilation Diversity

Wang

Jia

Huang

et al. 2021

Security and Communication Networks

View full text Add to dashboard Cite

Binary code similarity comparison is the technique that determines if two functions are similar by only considering their compiled form, which has many applications, including clone detection, malware classification, and vulnerability discovery. However, it is challenging to design a robust code similarity comparison engine since different compilation settings that make logically similar assembly functions appear to be very different. Moreover, existing approaches suffer from high-performance overheads, lower robustness, or poor scalability. In this paper, a novel solution HBinSim is proposed by employing the multiview features of the function to address these challenges. It first extracts the syntactic and semantic features of each basic block by static analysis. HBinSim further analyzes the function and constructs a syntactic attribute control flow graph and a semantic attribute control flow graph for each function. Then, a hierarchical attention graph embedding network is designed for graph-structured data processing. The network model has a hierarchical structure that mirrors the hierarchical structure of the function. It has three levels of attention mechanisms applied at the instruction, basic block, and function level, enabling it to attend differentially to more and less critical content when constructing the function representation. We conduct extensive experiments to evaluate its effectiveness and efficiency. The results show that our tool outperforms the state-of-the-art binary code similarity comparison tools by a large margin against compilation diversity clone searching. A real-world vulnerabilities search case further demonstrates the usefulness of our system.

show abstract

“…Such applications are of pa interest to hackers, because finding vulnerabilities in them does not require special embedded systems background. There are many different file systems for embedded devices including SquashFS 26 , UBIFS 27 , YAFFS2 28 , and JFFS2 29 .…”

Section: Firmware Extractionmentioning

confidence: 99%

“…blocks of IR instructions [24] and conditional formulas [25]. Recently, machine learning algorithms have also been leveraged in order to quickly find code similar to a known vulnerable component [26], [27], [28].…”

Section: Finding Potentially Vulnerable Componentsmentioning

confidence: 99%

See 1 more Smart Citation

IoT Hacking – A Primer

Papp¹,

Tamás²,

Buttyán³

2019

Infocommunications journal

View full text Add to dashboard Cite

The Internet of Things (IoT) enables many new and exciting applications, but it also creates a number of new risks related to information security. Several recent attacks on IoT devices and systems illustrate that they are notoriously insecure. It has also been shown that a major part of the attacks resulted in full adversarial control over IoT devices, and the reason for this is that IoT devices themselves are weakly protected and they often cannot resist even the most basic attacks. Penetration testing or ethical hacking of IoT devices can help discovering and fixing their vulnerabilities that, if exploited, can result in highly undesirable conditions, including damage of expensive physical equipment or even loss of human life. In this paper, we give a basic introduction into hacking IoT devices. We give an overview on the methods and tools for hardware hacking, firmware extraction and unpacking, and performing basic firmware analysis. We also provide a survey on recent research on more advanced firmware analysis methods, including static and dynamic analysis of binaries, taint analysis, fuzzing, and symbolic execution techniques. By giving an overview on both practical methods and readily available tools as well as current scientific research efforts, our work can be useful for both practitioners and academic researchers.

show abstract

SemHunt: Identifying Vulnerability Type with Double Validation in Binary Code

Cited by 7 publications

References 10 publications

DeepBinDiff: Learning Program-Wide Code Representations for Binary Diffing

DeepBinDiff: Learning Program-Wide Code Representations for Binary Diffing

Hierarchical Attention Graph Embedding Networks for Binary Code Similarity against Compilation Diversity

IoT Hacking – A Primer

Contact Info

Product

Resources

About