Pangr: A Behavior-based Automatic Vulnerability Detection and Exploitation Framework

被引：6

作者：

Liu, Danjun ^{[1
]}

Wang, Jingyuan ^{[1
]}

Rong, Zelin ^{[1
]}

Mi, Xianya ^{[1
]}

Gai, Fangyu ^{[1
]}

Yong, Tang ^{[1
]}

Wang, Baosheng ^{[1
]}

机构：

[1] Natl Univ Def & Technol, Coll Comp, Changsha, Hunan, Peoples R China

来源：

2018 17TH IEEE INTERNATIONAL CONFERENCE ON TRUST, SECURITY AND PRIVACY IN COMPUTING AND COMMUNICATIONS (IEEE TRUSTCOM) / 12TH IEEE INTERNATIONAL CONFERENCE ON BIG DATA SCIENCE AND ENGINEERING (IEEE BIGDATASE) | 2018年

基金：

中国国家自然科学基金;

关键词：

automatic detection; automatic exploit generation; software security; automatic patching;

D O I：

10.1109/TrustCom/BigDataSE.2018.00103

中图分类号：

TP [自动化技术、计算机技术];

学科分类号：

0812 ;

摘要：

Nowadays, with the size and complexity of software increasing rapidly, vulnerabilities are becoming diversified and hard to identify. It is unpractical to detect and exploit vulnerabilities by manual construction. Therefore, an efficient automatic method of detecting and exploiting software vulnerability is in critical demand. This paper implements Pangr, an entire system for automatic vulnerability detection, exploitation, and patching. Pangr builds a complete vulnerability model based on its triggering behavior to identify vulnerabilities and generate exp or exploit schemes. According to the type and feature of the vulnerability, Pangr can generate the specific patch for the software. In the experiment, we tested 20 vulnerable programs on 32-bit Linux machine. Pangr detected 16 vulnerabilities, generated 10 exp, and patched 14 programs.

引用

页码：705 / 712

页数：8

共 50 条

[41] WiLabel: Behavior-Based Room Type Automatic Annotation for Indoor Floorplan
Chen, Yongle
Yao, Qinghua
Yu, Dan
Yang, Yuli
IEEE ACCESS, 2019, 7 : 79118 - 79126
[42] Behavior-Based Advertising
Shen, Qiaowei
Villas-Boas, J. Miguel
MANAGEMENT SCIENCE, 2018, 64 (05) : 2047 - 2064
[43] Advanced Intrusion Detection Combining Signature-Based and Behavior-Based Detection Methods
Kwon, Hee-Yong
Kim, Taesic
Lee, Mun-Kyu
ELECTRONICS, 2022, 11 (06)
[44] An Intelligent Behavior-Based Ransomware Detection System For Android Platform
Alzahrani, Abdulrahman
Alshahrani, Hani
Alshehri, Ali
Fu, Huirong
2019 FIRST IEEE INTERNATIONAL CONFERENCE ON TRUST, PRIVACY AND SECURITY IN INTELLIGENT SYSTEMS AND APPLICATIONS (TPS-ISA 2019), 2019, : 28 - 35
[45] RESEARCH ON BEHAVIOR-BASED DETECTION METHOD FOR MOBILE APPLICATION SECURITY
Chen Jianmin
2012 INTERNATIONAL CONFERENCE ON INDUSTRIAL CONTROL AND ELECTRONICS ENGINEERING (ICICEE), 2012, : 240 - 243
[46] A Behavior-based Intrusion Detection Technique for Smart Grid Infrastructure
Kwon, YooJin
Kim, Huy Kang
Lim, Yong Hun
Lim, Jong In
2015 IEEE EINDHOVEN POWERTECH, 2015,
[47] A Design of Network Behavior-Based Malware Detection System for Android
Qi, Yincheng
Cao, Mingjing
Zhang, Can
Wu, Ruping
ALGORITHMS AND ARCHITECTURES FOR PARALLEL PROCESSING, ICA3PP 2014, PT II, 2014, 8631 : 590 - 600
[48] Direct vs Indirect Methods for Behavior-based Attack Detection
Gadginmath, Darshan
Krishnan, Vishaal
Pasqualetti, Fabio
2022 IEEE 61ST CONFERENCE ON DECISION AND CONTROL (CDC), 2022, : 7090 - 7096
[49] A BEHAVIOR-BASED CROSS-SITE SCRIPTING DETECTION TECHNIQUE
Wang Liang
Wang Xiuting
2011 INTERNATIONAL CONFERENCE ON COMPUTER AND COMPUTATIONAL INTELLIGENCE (ICCCI 2011), 2012, : 519 - 523
[50] Behavior-based model of detection and prevention of intrusions in computer networks
Serdiouk, V
COMPUTER NETWORK SECURITY, PROCEEDINGS, 2005, 3685 : 380 - 393

← 1 2 3 4 5 →