| With the development of computer technology,the emergence of loopholes is also more and more frequent.Manufactures may do some remedial measures to mix the vul-nerabilities,such as the patches.There is no doubt that the patches contain a wealth of vulnerability information,however sometimes the information in the patch is not disclosed by the manufactures,who even sometimes hide some patch information.Also,patches released by a binary program is difficult to use the method based on source to analysis.Therefore,the algorithm of binary comparison has been well developed.However,the current binary comparison algorithm does not show the reason for the match result.On the other hand,the existing pattern detection based on pattern matching has the defects of high false positive rate and time-comsuming manual extraction.In order to solve the above problems,we first propose a binary alignment algorithm characterized by k-paths,which we match based on the semantic features.Secondly,in order to extract the time-consuming and labor-intensive vulnerabilities,we propose a semi-automatic extraction method,First locate the vulnerability and patch function and the basic block,followed by the use of stain analysis of the stain data and stain misuse tracking,the last pattern feature extraction.Finally,in view of the high false positive rate,we propose a double detection method based on patch information,which is tested separately in source and patch,and the false alarm rate is reduced by combining the two results.We first conducted binary alignment and pattern feature extraction experiments with two instances of”CVE-2010-3333-Microsoft Office RTF pFragments" and”CVE-2012-0003-Microsoft Windows Media Player winmm.dll MIDI" Accuracy and reduce the time consumption;and with a number of CVE loopholes in the software double detection of verification,in two ways to effectively reduce the false alarm rate. |
PDF Full Text Request