SAViP: Semantic-Aware Vulnerability Prediction for Binary Programs with Neural Networks

被引:0
|
作者
Zhou, Xu [1 ]
Duan, Bingjie [1 ]
Wu, Xugang [1 ]
Wang, Pengfei [1 ]
机构
[1] Natl Univ Def Technol, Coll Comp, Changsha 410073, Peoples R China
来源
APPLIED SCIENCES-BASEL | 2023年 / 13卷 / 04期
关键词
vulnerability prediction; binary program; neural networks; software security;
D O I
10.3390/app13042271
中图分类号
O6 [化学];
学科分类号
0703 ;
摘要
Vulnerability prediction, in which static analysis is leveraged to predict the vulnerabilities of binary programs, has become a popular research topic. Traditional vulnerability prediction methods depend on vulnerability patterns, which must be predefined by security experts in a time-consuming manner. The development of Artificial Intelligence (AI) has yielded new options for vulnerability prediction. Neural networks allow vulnerability patterns to be learned automatically. However, current works extract only one or two types of features and use traditional models such as word2vec, which results in the loss of much instruction-level information. In this paper, we propose a model named SAViP to predict vulnerabilities in binary programs. To fully extract binary information, we integrate three kinds of features: semantic, statistical, and structural features. For semantic features, we apply the Masked Language Model (MLM) pre-training task of the RoBERTa model to the assembly code to build our language model. Using this model, we innovatively combine the beginning token and the operation-code token to create the instruction embedding. For the statistical features, we design a 56-dimensional feature vector that contains 43 kinds of instructions. For the structural features, we improve the ability of the structure2vec network to obtain the characteristic of the network by emphasizing node self-attention. Through these optimizations, we significantly increase the accuracy of vulnerability prediction over existing methods. Our experiments show that SAViP achieves a recall of 77.85% and Top 100 similar to 600 accuracies all above 95%. The results are 10% and 13% higher than those of the state-of-the-art V-Fuzz, respectively.
引用
收藏
页数:17
相关论文
共 50 条
  • [21] CLFuzz: Vulnerability Detection of Cryptographic Algorithm Implementation via Semantic-aware Fuzzing
    Zhou, Yuanhang
    Ma, Fuchen
    Chen, Yuanliang
    Ren, Meng
    Jiang, Yu
    ACM TRANSACTIONS ON SOFTWARE ENGINEERING AND METHODOLOGY, 2024, 33 (02)
  • [22] Heterogeneous graph neural network with semantic-aware differential privacy guarantees
    Wei, Yuecen
    Fu, Xingcheng
    Yan, Dongqi
    Sun, Qingyun
    Peng, Hao
    Wu, Jia
    Wang, Jinyan
    Li, Xianxian
    KNOWLEDGE AND INFORMATION SYSTEMS, 2023, 65 (10) : 4085 - 4110
  • [23] Semantic-Aware Deep Neural Attention Network for Machine Translation Detection
    Shi, Yangbin
    Lu, Jun
    Gu, Shuqin
    Wang, Qiang
    Zheng, Xiaolin
    MACHINE TRANSLATION, CCMT 2021, 2021, 1464 : 63 - 76
  • [24] Heterogeneous graph neural network with semantic-aware differential privacy guarantees
    Yuecen Wei
    Xingcheng Fu
    Dongqi Yan
    Qingyun Sun
    Hao Peng
    Jia Wu
    Jinyan Wang
    Xianxian Li
    Knowledge and Information Systems, 2023, 65 : 4085 - 4110
  • [25] SDTP: Semantic-Aware Decoupled Transformer Pyramid for Dense Image Prediction
    Li, Zekun
    Liu, Yufan
    Li, Bing
    Feng, Bailan
    Wu, Kebin
    Peng, Chengwei
    Hu, Weiming
    IEEE TRANSACTIONS ON CIRCUITS AND SYSTEMS FOR VIDEO TECHNOLOGY, 2022, 32 (09) : 6160 - 6173
  • [26] WASMaker: Differential Testing of WebAssembly Runtimes via Semantic-Aware Binary Generation
    Cao, Shangtong
    He, Ningyu
    She, Xinyu
    Zhang, Yixuan
    Zhang, Mu
    Wang, Haoyu
    PROCEEDINGS OF THE 33RD ACM SIGSOFT INTERNATIONAL SYMPOSIUM ON SOFTWARE TESTING AND ANALYSIS, ISSTA 2024, 2024, : 1262 - 1273
  • [27] Semantic-Aware Resource Allocation in Constrained Networks with Limited User Participation
    Marnissi, Ouiame
    EL Hammouti, Hajar
    Bergou, El Houcine
    2024 IEEE WIRELESS COMMUNICATIONS AND NETWORKING CONFERENCE, WCNC 2024, 2024,
  • [28] Forecasting the Acceptance of New Information Services by using the Semantic-aware Prediction Model
    Vrdoljak, Luka
    Podobnik, Vedran
    Jezic, Gordan
    COMPUTER SCIENCE AND INFORMATION SYSTEMS, 2013, 10 (03) : 1025 - 1052
  • [29] Semantic-Aware Implicit Neural Audio-Driven Video Portrait Generation
    Liu, Xian
    Xu, Yinghao
    Wu, Qianyi
    Zhou, Hang
    Wu, Wayne
    Zhou, Bolei
    COMPUTER VISION, ECCV 2022, PT XXXVII, 2022, 13697 : 106 - 125
  • [30] SPTF: A Scalable Probabilistic Tensor Factorization Model for Semantic-Aware Behavior Prediction
    Yin, Hongzhi
    Chen, Hongxu
    Sun, Xiaoshuai
    Wang, Hao
    Wang, Yang
    Quoc Viet Hung Nguyen
    2017 17TH IEEE INTERNATIONAL CONFERENCE ON DATA MINING (ICDM), 2017, : 585 - 594