Part of the book series: Lecture Notes on Data Engineering and Communications Technologies (LNDECT, volume 193)
Abstract
For static vulnerability detection, traditional machine-learning methods mostly use abstract syntax trees as the code representation. This ignores semantic information such as the code's logical structure and data-flow direction, which ultimately reduces the accuracy of vulnerability detection. To address these problems, this paper proposes a new attribute program slicing graph (APSG), which builds on the program dependency graph, uses program slicing to simplify the structure of the graph, and retains the semantic attributes of nodes. In addition, the paper uses a graph embedding network to extract feature vectors and builds multiple neural network prediction models according to different vulnerability types, ultimately achieving function-level prediction of vulnerability existence and type for unknown binary files. Experiments demonstrate that the proposed method predicts the existence and type of vulnerabilities more accurately than existing binary vulnerability detection methods.
Author information
Authors and Affiliations
Beijing University of Post and Telecommunications, Beijing Haidiandian District West, TuCheng Road 10, Beijing, China
Feng Tian & Baojiang Cui
Air Force Engineering University, No. 1, Changle East Road, Baqiao District, Xi’an, Shaanxi, China
Chen Chen
Corresponding author
Correspondence to Baojiang Cui.
Editor information
Editors and Affiliations
Faculty of Information Engineering, Fukuoka Institute of Technology, Fukuoka, Japan
Leonard Barolli
Copyright information
© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Tian, F., Cui, B., Chen, C. (2024). Binary Firmware Static Vulnerability Mining Based on Semantic Attributes and Graph Embedding Network. In: Barolli, L. (eds) Advances in Internet, Data & Web Technologies. EIDWT 2024. Lecture Notes on Data Engineering and Communications Technologies, vol 193. Springer, Cham. https://doi.org/10.1007/978-3-031-53555-0_20
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-53554-3
Online ISBN: 978-3-031-53555-0
eBook Packages: Intelligent Technologies and Robotics, Intelligent Technologies and Robotics (R0)