- Title
- Cross-compiler bipartite vulnerability search
- Creator
- Black, Paul; Gondal, Iqbal
- Date
- 2021
- Type
- Text; Journal article
- Identifier
- http://researchonline.federation.edu.au/vital/access/HandleResolver/1959.17/177811
- Identifier
- vital:15341
- Identifier
- https://doi.org/10.3390/electronics10111356
- Identifier
- ISBN:2079-9292 (ISSN)
- Abstract
- Open-source libraries are widely used in software development, and the functions from these libraries may contain security vulnerabilities that can provide gateways for attackers. This paper provides a function similarity technique to identify vulnerable functions in compiled programs and proposes a new technique called Cross-Compiler Bipartite Vulnerability Search (CCBVS). CCBVS uses a novel training process, and bipartite matching to filter SVM model false positives to improve the quality of similar function identification. This research uses debug symbols in programs compiled from open-source software products to generate the ground truth. This automatic extraction of ground truth allows experimentation with a wide range of programs. The results presented in the paper show that an SVM model trained on a wide variety of programs compiled for Windows and Linux, x86 and Intel 64 architectures can be used to predict function similarity and that the use of bipartite matching substantially improves the function similarity matching performance. © 2021 by the authors. Licensee MDPI, Basel, Switzerland.
- Publisher
- MDPI AG
- Relation
- Electronics (Switzerland) Vol. 10, no. 11 (2021), p.
- Rights
- All metadata describing materials held in, or linked to, the repository is freely available under a CC0 licence
- Rights
- https://creativecommons.org/licenses/by/4.0/
- Rights
- Copyright: © 2021 by the authors. Licensee MDPI, Basel, Switzerland.
- Rights
- Open Access
- Subject
- 0906 Electrical and Electronic Engineering; Binary similarity; Bipartite matching; Function similarity; Machine-learning; Malware similarity
- Full Text
- Reviewed
- Funder
- This initiative was funded by the Department of Defence, and the Office of National Intelligence under the AI for Decision Making Program, delivered in partnership with the Defence Science Institute in Victoria.
File | Description | Size | Format
---|---|---|---
SOURCE1 | Published version | 436 KB | Adobe Acrobat PDF