Abstract
The existence of software vulnerabilities, especially 0day vulnerabilities, brings potential dangers to computer users, and more targeted network attacks occur frequently. Based on the dynamic instruction flow of software with vulnerabilities from startup to crash and Windows exception handling mechanism, this paper proposes a software vulnerability crash site location technology at the basic block level (BBL). Then, backtrack the program execution flow from the software crash point and extract variable-length function sequences and abstract coded instruction sequences under specific constraints. Finally, fuzzy measurement and precise measurement are used to calculate the similarity of vulnerabilities. Vulnerability similarity experiments were performed on 23 CVE vulnerability samples. The similarity of different CVE vulnerability samples was less than 0.01%, and the similarity of different PoC samples of the same CVE vulnerability was as high as 99.7%. By establishing a complete vulnerability signature database, automatic verification of new vulnerabilities and identification of 0day vulnerabilities can be achieved.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
MSEC.dll. http://msecdbg.codeplex.com/
Puhan, Z., Jianxiong, W., Xin, W., et al.: Program crash analysis based on taint analysis. In: 2014 Ninth International Conference on P2P, Parallel, Grid, Cloud and Internet Computing, pp. 492–498. IEEE (2014)
Wu, R., Zhang, H., Cheung, S.C., et al.: CrashLocator: locating crashing faults based on crash stacks. In: Proceedings of the 2014 International Symposium on Software Testing and Analysis, pp. 204–214. ACM (2014)
Cui, W., Peinado, M., Cha, S.K., et al.: RETracer: triaging crashes by reverse execution from partial memory dumps. In: 2016 IEEE/ACM 38th International Conference on Software Engineering (ICSE), pp. 820–831. IEEE (2016)
Dai, P., Pan, Z., Shi, F.: Research on crash classification for vulnerability types. Comput. Eng. Appl., 1–10 (2019)
Gu, Y., Xuan, J., Zhang, H., et al.: Does the fault reside in a stack trace? Assisting crash localization by predicting crashing fault residence. J. Syst. Softw. 148, 88–104 (2019)
Pin. https://software.intel.com/en-us/articles/pin-a-dynamic-binary-instrumentation-tool
Jaccard, P.: Étude comparative de la distribution florale dans une portion des Alpes et du Jura. Bulletin de la Société Vaudoise des Sciences Naturelles 37, 547–579 (1901)
Needleman, S.B., Wunsch, C.: A general method applicable to the search for similarities in the amino acid sequence of two proteins. J. Mol. Biol. 48(3), 443–453 (1970)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2021 Springer Nature Switzerland AG
About this paper
Cite this paper
Wang, X., Cui, B., Xu, X., Ma, Q. (2021). Research on Vulnerability Site Location and Vulnerability Similarity Technology. In: Barolli, L., Poniszewska-Maranda, A., Park, H. (eds) Innovative Mobile and Internet Services in Ubiquitous Computing . IMIS 2020. Advances in Intelligent Systems and Computing, vol 1195. Springer, Cham. https://doi.org/10.1007/978-3-030-50399-4_61
Download citation
DOI: https://doi.org/10.1007/978-3-030-50399-4_61
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-50398-7
Online ISBN: 978-3-030-50399-4
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)