Towards practical binary code similarity detection: vulnerability verification via patch semantic analysis
Vulnerability is a major threat to software security. It has been proven that binary code similarity detection approaches are efficient to search for recurring vulnerabilities introduced by code sharing in binary software. However, these approaches suffer from high false-positive rates (FPRs) since...
Saved in:
| Main Authors: | , , , , , , , , |
|---|---|
| Other Authors: | |
| Format: | Article |
| Language: | English |
| Published: |
2024
|
| Subjects: | |
| Online Access: | https://hdl.handle.net/10356/173498 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Nanyang Technological University |
| Language: | English |
| id |
sg-ntu-dr.10356-173498 |
|---|---|
| record_format |
dspace |
| spelling |
sg-ntu-dr.10356-1734982024-02-07T05:27:33Z Towards practical binary code similarity detection: vulnerability verification via patch semantic analysis Yang, Shouguo Xu, Zhengzi Xiao, Yang Lang, Zhe Tang, Wei Liu, Yang Shi, Zhiqiang Li, Hong Sun, Limin School of Computer Science and Engineering Computer and Information Science Malicious Function Input Vulnerability Detection Vulnerability is a major threat to software security. It has been proven that binary code similarity detection approaches are efficient to search for recurring vulnerabilities introduced by code sharing in binary software. However, these approaches suffer from high false-positive rates (FPRs) since they usually take the patched functions as vulnerable, and they usually do not work well when binaries are compiled with different compilation settings. To this end, we propose an approach, named Robin, to confirm recurring vulnerabilities by filtering out patched functions. Robin is powered by a lightweight symbolic execution to solve the set of function inputs that can lead to the vulnerability-related code. It then executes the target functions with the same inputs to capture the vulnerable or patched behaviors for patched function filtration. Experimental results show that Robin achieves high accuracy for patch detection across different compilers and compiler optimization levels respectively on 287 real-world vulnerabilities of 10 different software. Based on accurate patch detection, Robin significantly reduces the false-positive rate of state-of-the-art vulnerability detection tools (by 94.3% on average), making them more practical. Robin additionally detects 12 new potentially vulnerable functions. This research was supported in part by National Key R&D Program of China (Grant No. 2022YFB3103904), the Strategic Priority Research Program of Chinese Academy of Sciences (Grant No. XDC02020100), Joint Fund Cultivation Project of National Natural Science Foundation of China (Grant No. U1636120), the Science and Technology Project of State Grid Corporation of China (Grant No. 5700-202258499A-3-0-ZZ), National Natural Science Foundation of China (Grant No. U1766215), the Young Scientists Fund of the National Natural Science Foundation of China (Grant No. 62002342), and Chinese National Natural Science Foundation (Grant No. 62202462). 2024-02-07T05:27:33Z 2024-02-07T05:27:33Z 2023 Journal Article Yang, S., Xu, Z., Xiao, Y., Lang, Z., Tang, W., Liu, Y., Shi, Z., Li, H. & Sun, L. (2023). Towards practical binary code similarity detection: vulnerability verification via patch semantic analysis. ACM Transactions On Software Engineering and Methodology, 32(6), 158:1-158:29. https://dx.doi.org/10.1145/3604608 1049-331X https://hdl.handle.net/10356/173498 10.1145/3604608 2-s2.0-85174732311 6 32 158:1 158:29 en ACM Transactions on Software Engineering and Methodology © 2023 the Owner/Author(s). Publication rights licensed to ACM. All rights reserved. |
| institution |
Nanyang Technological University |
| building |
NTU Library |
| continent |
Asia |
| country |
Singapore Singapore |
| content_provider |
NTU Library |
| collection |
DR-NTU |
| language |
English |
| topic |
Computer and Information Science Malicious Function Input Vulnerability Detection |
| spellingShingle |
Computer and Information Science Malicious Function Input Vulnerability Detection Yang, Shouguo Xu, Zhengzi Xiao, Yang Lang, Zhe Tang, Wei Liu, Yang Shi, Zhiqiang Li, Hong Sun, Limin Towards practical binary code similarity detection: vulnerability verification via patch semantic analysis |
| description |
Vulnerability is a major threat to software security. It has been proven that binary code similarity detection approaches are efficient to search for recurring vulnerabilities introduced by code sharing in binary software. However, these approaches suffer from high false-positive rates (FPRs) since they usually take the patched functions as vulnerable, and they usually do not work well when binaries are compiled with different compilation settings. To this end, we propose an approach, named Robin, to confirm recurring vulnerabilities by filtering out patched functions. Robin is powered by a lightweight symbolic execution to solve the set of function inputs that can lead to the vulnerability-related code. It then executes the target functions with the same inputs to capture the vulnerable or patched behaviors for patched function filtration. Experimental results show that Robin achieves high accuracy for patch detection across different compilers and compiler optimization levels respectively on 287 real-world vulnerabilities of 10 different software. Based on accurate patch detection, Robin significantly reduces the false-positive rate of state-of-the-art vulnerability detection tools (by 94.3% on average), making them more practical. Robin additionally detects 12 new potentially vulnerable functions. |
| author2 |
School of Computer Science and Engineering |
| author_facet |
School of Computer Science and Engineering Yang, Shouguo Xu, Zhengzi Xiao, Yang Lang, Zhe Tang, Wei Liu, Yang Shi, Zhiqiang Li, Hong Sun, Limin |
| format |
Article |
| author |
Yang, Shouguo Xu, Zhengzi Xiao, Yang Lang, Zhe Tang, Wei Liu, Yang Shi, Zhiqiang Li, Hong Sun, Limin |
| author_sort |
Yang, Shouguo |
| title |
Towards practical binary code similarity detection: vulnerability verification via patch semantic analysis |
| title_short |
Towards practical binary code similarity detection: vulnerability verification via patch semantic analysis |
| title_full |
Towards practical binary code similarity detection: vulnerability verification via patch semantic analysis |
| title_fullStr |
Towards practical binary code similarity detection: vulnerability verification via patch semantic analysis |
| title_full_unstemmed |
Towards practical binary code similarity detection: vulnerability verification via patch semantic analysis |
| title_sort |
towards practical binary code similarity detection: vulnerability verification via patch semantic analysis |
| publishDate |
2024 |
| url |
https://hdl.handle.net/10356/173498 |
| _version_ |
1794549285302304768 |