Pangr: A Behavior-based Automatic Vulnerability Detection and Exploitation Framework

被引:6
|
作者
Liu, Danjun [1 ]
Wang, Jingyuan [1 ]
Rong, Zelin [1 ]
Mi, Xianya [1 ]
Gai, Fangyu [1 ]
Yong, Tang [1 ]
Wang, Baosheng [1 ]
机构
[1] Natl Univ Def & Technol, Coll Comp, Changsha, Hunan, Peoples R China
来源
2018 17TH IEEE INTERNATIONAL CONFERENCE ON TRUST, SECURITY AND PRIVACY IN COMPUTING AND COMMUNICATIONS (IEEE TRUSTCOM) / 12TH IEEE INTERNATIONAL CONFERENCE ON BIG DATA SCIENCE AND ENGINEERING (IEEE BIGDATASE) | 2018年
基金
中国国家自然科学基金;
关键词
automatic detection; automatic exploit generation; software security; automatic patching;
D O I
10.1109/TrustCom/BigDataSE.2018.00103
中图分类号
TP [自动化技术、计算机技术];
学科分类号
0812 ;
摘要
Nowadays, with the size and complexity of software increasing rapidly, vulnerabilities are becoming diversified and hard to identify. It is unpractical to detect and exploit vulnerabilities by manual construction. Therefore, an efficient automatic method of detecting and exploiting software vulnerability is in critical demand. This paper implements Pangr, an entire system for automatic vulnerability detection, exploitation, and patching. Pangr builds a complete vulnerability model based on its triggering behavior to identify vulnerabilities and generate exp or exploit schemes. According to the type and feature of the vulnerability, Pangr can generate the specific patch for the software. In the experiment, we tested 20 vulnerable programs on 32-bit Linux machine. Pangr detected 16 vulnerabilities, generated 10 exp, and patched 14 programs.
引用
收藏
页码:705 / 712
页数:8
相关论文
共 50 条
  • [31] A behavior-based interruption detection framework for secure internet of things-based smart industry job transactions
    M. Vijayakumar
    T. S. Shiny Angel
    Soft Computing, 2023, 27 : 11801 - 11813
  • [32] Behavior-based intrusion detection in mobile phone systems
    Boukerche, A
    Notare, MSMA
    JOURNAL OF PARALLEL AND DISTRIBUTED COMPUTING, 2002, 62 (09) : 1476 - 1490
  • [33] A behavior-based interruption detection framework for secure internet of things-based smart industry job transactions
    Vijayakumar, M.
    Angel, T. S. Shiny
    SOFT COMPUTING, 2023, 27 (16) : 11801 - 11813
  • [34] A CNN-based automatic vulnerability detection
    Jung Hyun An
    Zhan Wang
    Inwhee Joe
    EURASIP Journal on Wireless Communications and Networking, 2023
  • [35] A Behavior-Based Framework for Assessing Product Line-Ability
    Reinhartz-Berger, Iris
    Zamansky, Anna
    ADVANCED INFORMATION SYSTEMS ENGINEERING, CAISE 2018, 2018, 10816 : 571 - 586
  • [36] An effective behavior-based Android malware detection system
    Zou, Shihong
    Zhang, Jing
    Lin, Xiaodong
    SECURITY AND COMMUNICATION NETWORKS, 2015, 8 (12) : 2079 - 2089
  • [37] A CNN-based automatic vulnerability detection
    An, Jung Hyun
    Wang, Zhan
    Joe, Inwhee
    EURASIP JOURNAL ON WIRELESS COMMUNICATIONS AND NETWORKING, 2023, 2023 (01)
  • [38] Scalable Machine Learning Framework for Behavior-Based Access Control
    Cleveland, Jeffrey
    Mayhew, Michael Jay
    Adler, Aaron
    Atighetchi, Michael
    2013 6TH INTERNATIONAL SYMPOSIUM ON RESILIENT CONTROL SYSTEMS (ISRCS), 2013, : 181 - 184
  • [39] Improved behavior-based malware detection algorithm with AdaBoost
    Cao, Y. (yingcao@stu.xidian.edu.cn), 1600, Science Press (40):
  • [40] AB-TCAD: An Access Behavior-Based Two-stage Compromised Account Detection Framework
    He, Kunling
    Li, Fenghua
    Wang, Jessie Hui
    Zhang, Han
    Zhao, Yiren
    2024 23RD IFIP NETWORKING CONFERENCE, IFIP NETWORKING 2024, 2024, : 95 - 103
12345