
Research On Bug Search For Cross-architecture Binary Based On Machine Learning

Posted on: 2021-04-04
Degree: Master
Type: Thesis
Country: China
Candidate: H Wu
GTID: 2518306230472044
Subject: Cyberspace security
Abstract/Summary:
IoT security is a hotspot in network security research today. Exploiting firmware vulnerabilities is one of the most widespread attack methods affecting IoT security. Attackers can use firmware vulnerabilities to pose a continuous threat to IoT devices. To ease development, many vendors use unverified third-party open source libraries, causing the same vulnerability to exist in many IoT devices. Searching for library function vulnerabilities in firmware has therefore become a research topic in recent years.

This thesis studied the cross-architecture binary vulnerability function search problem and built a machine learning-based cross-architecture vulnerability search model around three problems in current solutions: the selection of robust features, cross-architecture vulnerability search, and cross-version function identification. A model-oriented feature selection genetic algorithm and a function embedding and generation algorithm based on model fusion were designed, and the concept of the shortest complete execution path was proposed to identify the fine-grained changes of function patches, enabling accurate search of vulnerability functions in a cross-architecture environment. The main research contents and innovations of this thesis are as follows:

1) The selection of robust features of binary functions was studied. The features selected by current schemes are not adaptable and cannot deal with the changes in binary code caused by differences in the compilation environment. A binary function feature selection model was constructed and a model-oriented genetic algorithm was designed. The genetic algorithm selects, from the function control flow graph, features that are robust under different architectures and compilation environments, and combines them with data flow and function call information as the final selected features.

2) The cross-architecture binary vulnerability function search problem was studied. To address the low search accuracy of current solutions in the cross-architecture environment, a cross-architecture vulnerability search model based on model fusion was constructed on top of the selected robust features. It learns more complete function semantic information from two levels of features, within functions and between functions, to achieve an effective cross-architecture binary vulnerability function search solution.

3) The cross-version binary function recognition problem was studied. Because vulnerability search schemes based on function similarity cannot distinguish between the vulnerability function and the patch function, an Inst-CNN model was constructed to solve the problem of cross-architecture instruction comparison. The concept of the shortest complete execution path was proposed to accurately capture the finer-grained semantic changes of patches and to identify cross-version functions in a cross-architecture environment.

The thesis completed the design of a cross-architecture vulnerability search system prototype based on machine learning. It was tested on third-party open source libraries and real device firmware. The AUC of the model in several sets of evaluations was higher than that of the commonly used Gemini scheme, indicating that the prototype has higher accuracy in the search of vulnerability functions. In addition, the system prototype can further distinguish between cross-version vulnerability functions and patch functions in the candidate set, reducing manual analysis workload and improving search efficiency. During testing, a high-risk vulnerability in a certain brand of camera was found, the 324 camera models affected by it were accurately located, and the finding was awarded the most valuable vulnerability of 2019 by CNVD.
Keywords/Search Tags:IoT security, cross-architecture, binary, vulnerability search, patch, machine learning