Research On Intelligent Detection Of Binary Code Vulnerabilities Based Onprogram Slice

With the rapid development of information technology,various kinds of software have been developed to meet people s different needs.However,software will inevitably have certain security vulnerabilities,and attackers use software vulnerabilities to attack the network,which poses a serious threat to network security.It is very important to detect security flaws in software in time to avoid attacks.Because closed source software cannot access the source code of the program,vulnerability detection based on binary program has been widely used by vulnerability excavators to find software vulnerabilities.Artificial intelligence technology has developed rapidly in recent years,and its application has become more and more extensive.The research on software vulnerability detection based on machine learning method has also made some progress.However,the existing methods have many problems,such as strong subjectivity,coarse detection granularity,high false positive rate and high false negative rate.Based on the research of binary program vulnerability detection,aiming at the problems of high false positive rate,dependence on expert experience and coarse measurement granularity existing in current binary vulnerability detection technology,this thesis proposes an intelligent detection scheme of binary code vulnerability based on program slice,and implements a binary code vulnerability detection system based on deep learning.The main works of this thesis are as follows:Firstly,the fine-grained program slices are used to represent binary programs,and deep learning technology is used to design and construct Recurrent Neural Networks model,Long Short Term Mermory network model,Gated Recurrent Units network model,Bidirectional Recurrent Neural Networks model,Bidirectional Long Short Term Mermory network model and Bidirectional Gated Recurrent Units network model,which can be applied to binary code vulnerability detection.After testing these deep learning models,the best-performing deep learning model is selected to automatically detect binary program vulnerabilities.Secondly,the generation mechanism of program slices and the tagging strategy of program slices are proposed.The solution is based on the data flow and control flow analysis of the binary code,extracting the library/API function call slices from the binary program,and adding vulnerable or non-vulnerable labels to it.At the same time,the program slices are converted into vector representations using Word2 vec method,and the optimal combination of parameters is selected through experiments to train and optimize the deep learning model.Finally,a deep learning-based system for binary code vulnerability detection,BVDetector,is designed and implemented,and relevant experiments are carried out on the test set.The experimental results show that the system can effectively detect vulnerabilities in binary programs.Compared with the existing pattern-based vulnerability detection methods and code similarity-based vulnerability detection methods,the system has lower false positive rate and false negative rate,and higher accuracy.