Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Similarity detection method for unknown vulnerability discovery based on patch information

A technology of unknown vulnerabilities and detection methods, which is applied in the field of similarity detection to discover unknown vulnerabilities by using patch information, can solve problems such as low ranking results, low similarity values, high similarity, etc., to improve detection accuracy, low Performance overhead, the effect of reducing interference

Active Publication Date: 2018-07-10
RENMIN UNIVERSITY OF CHINA
View PDF4 Cites 18 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

When a function that does not contain a vulnerability is similar to a function with known vulnerabilities in the noise part, a higher similarity may be obtained due to a larger noise ratio, resulting in false positives; and when a function that does contain similar vulnerabilities, When the characteristics of the noise statement outside the vulnerability-related statement are not similar to the known vulnerability function, the calculated similarity value may be low and the ranking result may be lower, resulting in false negatives
Therefore, if the noise in the function where the known vulnerability is located is not processed, the extracted function features will be mixed with noise features, which will eventually affect the effectiveness of the detection method and increase the difficulty of manual auditing.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Similarity detection method for unknown vulnerability discovery based on patch information
  • Similarity detection method for unknown vulnerability discovery based on patch information
  • Similarity detection method for unknown vulnerability discovery based on patch information

Examples

Experimental program
Comparison scheme
Effect test

Embodiment

[0040] The method of the present invention is deployed on a 64-bit Ubuntu 16.04 platform, and GCC4.9 is used as a compiler. The open source audio and video processing library FFmpeg version 3.2.4 and the open source image browsing software Ghostscript version 9.21, which are widely supported by multiple platforms, are selected as the experimental objects. Among them, FFmpeg contains 1583 files and 15598 functions, and Ghostscript contains 935 files and 15875 functions. In terms of vulnerabilities, the newly announced vulnerabilities of these two softwares in 2017 were selected as known target vulnerabilities for detection experiments.

[0041] The method of the present invention involves three main steps. The slicing, normalization and vectorization are all directly deployed in GCC, and the slicing and vector mapping are simultaneously implemented in the compiling process to output feature vectors. The similarity calculation is performed separately after that, and the similar...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention relates to a similarity detection method for unknown vulnerability discovery based on patch information. The method comprises steps as follows: a known vulnerability function and a patchfunction after patching are sliced, and slices containing vulnerability related statements and slices containing patch statements are generated; variable names, variable types and function call namesof a to-be-detected function, the vulnerability slices and the patch slices are subjected to symbol normalization; the to-be-detected function, the vulnerability slices and the patch slices are mapped to vector space to generate to-be-detected function characteristic vectors, vulnerability characteristic vectors and patch characteristic vectors, one vector is formed by each of the to-be-detectedfunction characteristic vectors, the vulnerability characteristic vectors and the patch characteristic vectors, and a value of each dimension of the one vector represents a product of the number of appearing times of the characteristic statement in the function and TF-IDF weight; after generation of the characteristic vectors, similarity of the characteristic vectors is calculated and sequencing is performed, and whether unknown vulnerability with the characteristics similar to those of known vulnerability in a to-be-detected function set is judged. According to the method, disturbance of vulnerability unrelated statements can be effectively reduced, and detection accuracy is improved.

Description

technical field [0001] The invention relates to a method for detecting unknown loopholes, in particular to a similarity detection method for discovering unknown loopholes by using patch information applied in the field of information security. Background technique [0002] Vulnerability is an important cause of software failures and errors, so vulnerability detection has always been a research hotspot in the field of software security. Static detection technology, as one of the mainstream vulnerability detection technologies, has been proven to be effective in detecting vulnerabilities in code, and many related works have proposed methods to detect specific vulnerabilities through static analysis, such as detecting the use of some unsafe functions. In order to automatically detect specific vulnerabilities, these static analysis methods need to rely on prior knowledge, that is, coding rules to detect code that violates them. Whether the coding rules are given manually based ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/56G06F21/57
CPCG06F21/563G06F21/577
Inventor 梁彬李赞边攀石文昌
Owner RENMIN UNIVERSITY OF CHINA
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products