Assisting Vulnerability Detection by Prioritizing Crashes with Incremental Learning

Li Zhang, V. Thing
TENCON 2018 - 2018 IEEE Region 10 Conference. Published 2018-10-01. DOI: 10.1109/TENCON.2018.8650188 (https://doi.org/10.1109/TENCON.2018.8650188)
Citations: 3

Abstract

The proliferation of Internet of Things (IoT) devices is accompanied by a tremendous increase in the attack surface of networked embedded systems. Software vulnerabilities in these systems are easier than ever for cybercriminals to exploit. Although fuzz testing is an effective technique for detecting vulnerabilities induced by memory corruption, it requires in-depth analysis of the typically massive number of crashes, which impedes the timely identification and patching of potentially disastrous vulnerabilities. In this paper, we present a new approach that can efficiently classify crashes by their exploitability, which helps human analysts prioritize the crashes to be examined and hence accelerates the discovery of vulnerabilities. A compact fingerprint of the dynamic execution trace of each crashing input is first generated using n-gram analysis and feature hashing. The fingerprints are then fed to an online classifier to build the distinguishing model. The incremental learning enabled by the online classifier makes the model scale well even to a large number of crashes while remaining easy to update for new crashes. Experiments on 4,392 exploitable crashes and 33,934 non-exploitable crashes show that our method can achieve an F1-score of 95% in detecting exploitable crashes and significantly better accuracy than the popular crash classification tool !exploitable.
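An added illustration of the pipeline the abstract outlines (n-gram fingerprints hashed to a fixed width, then an incrementally updated classifier used to order a triage queue); it is not the authors' code. The n-gram length, the hash width, the perceptron as the online learner, and the toy traces, labels and crash names are all assumptions, since the abstract does not specify them.

```python
import hashlib
from collections import Counter

def fingerprint(trace, n=3, dim=1 << 16):
    """Hash each n-gram of a trace into a sparse, fixed-width count vector."""
    fp = Counter()
    for i in range(len(trace) - n + 1):
        gram = " ".join(trace[i:i + n]).encode()
        # sha256 keeps indices stable across runs (built-in hash() is salted).
        fp[int.from_bytes(hashlib.sha256(gram).digest()[:4], "big") % dim] += 1
    return dict(fp)

class OnlinePerceptron:
    """Linear model updated one crash at a time; +1 exploitable, -1 not."""
    def __init__(self):
        self.w, self.b = {}, 0.0

    def score(self, fp):
        return self.b + sum(self.w.get(i, 0.0) * v for i, v in fp.items())

    def predict(self, fp):
        return 1 if self.score(fp) > 0 else -1

    def partial_fit(self, fp, label):
        """Update only on a mistake; returns True if the model changed."""
        if self.predict(fp) == label:
            return False
        for i, v in fp.items():
            self.w[i] = self.w.get(i, 0.0) + label * v
        self.b += label
        return True

def prioritize(model, crashes):
    """Order crash names by descending exploitability score for triage."""
    return sorted(crashes, key=lambda k: -model.score(fingerprint(crashes[k])))

# Constructed toy traces (instruction mnemonics) with made-up labels.
TRAIN = [(["mov", "call", "mov", "ret"], 1), (["mov", "cmp", "jz", "ret"], -1)]
QUEUE = {"crash-017": ["xor", "mov", "cmp", "jz", "ret"],
         "crash-042": ["push", "mov", "call", "mov", "ret"]}

def demo():
    model = OnlinePerceptron()
    for _ in range(5):                      # a few passes over the stream
        for trace, label in TRAIN:
            model.partial_fit(fingerprint(trace), label)
    return model, prioritize(model, QUEUE)

if __name__ == "__main__":
    print(demo()[1])
```

Because `partial_fit` touches only the weights of the n-grams in the new sample, a newly labelled crash updates the model without revisiting earlier crashes, which is the scaling property the abstract attributes to incremental learning.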