ISBN:
(Print) 9780769539300
The first step of decompilation and other reverse analysis of binary code is constructing the control flow graph (CFG) of the program. Because program structure is lost during compilation, extracting a control flow graph from an executable is not a simple matter. The usual approach, which scans the branch instructions in the disassembly file and creates the CFG from them, is not suited to multiple architectures and file formats. This paper analyzes the structure of assembly programs and designs an XML-based data information description language, Reverse Meta Language, to describe structured disassembly information, and then presents a control flow graph reconstruction algorithm. This method abstracts disassembly representations and supports multiple architectures. The test results show that this method can reconstruct the control flow graphs of binaries effectively.
ISBN:
(Print) 9781450301947
Malware detection is a crucial aspect of software security. A malware detector is a system that attempts to determine whether a program has malicious intent. Current malware detectors work by checking for signatures, which attempt to capture the syntactic characteristics of the machine-level byte sequence of the malware. This syntactic approach makes current detectors vulnerable to code obfuscations, increasingly used by malware writers, that alter the syntactic properties of the malware byte sequence without significantly affecting its execution behavior. This paper derives from the idea that the key to malware identification lies in its syntactic as well as semantic features. It explains an approach using control flow graphs (CFGs) for malware detectors. We present an architecture for detecting malicious patterns in executables that is resilient to common obfuscation transformations.
ISBN:
(Print) 9781665450997
Bug localization aims to automatically locate the buggy source files according to the bug report, which plays an important role in software maintenance. Recent studies indicate that exploiting the program structure is beneficial for bug localization. Benefiting from the rich statement-level implementation detail in the control flow graph (CFG), CFG-based bug localization methods have achieved state-of-the-art performance. However, due to the huge semantic gap between the high-level description of the unexpected program behavior in the bug report and the low-level implementation detail in the CFG, it is challenging to directly establish a match between the bug report and the CFG. In this paper, we argue that this gap can be bridged through a multi-level abstraction of the CFG, where each node in an abstraction level corresponds to a code block of a certain granularity. The multi-level abstraction of the CFG reflects the essence of the structured programming paradigm. We further propose a novel model named MLA (Multi-Level Abstraction of the control flow graph) for bug localization, which contains a specially designed model that alternately propagates the block feature within and between abstraction levels, corresponding to reflecting the control flow and summarizing the block functionality, respectively. Experimental results on four widely used open-source software projects show that MLA outperforms the state-of-the-art bug localization methods.
ISBN:
(Print) 9781728150338
One issue frequently experienced by software companies at the testing stage is test case coverage, that is, the extent to which the completeness of the test cases for the tested unit program meets the code coverage criteria. Testers usually design test cases just by looking at the source code, so it is very likely that test cases are incomplete or missing. There are currently many tools to check test case coverage, but these tools only provide information on the percentage of code lines that have been executed. In addition, the information from the testing results is presented in XML, HTML or other formats that contain the line status, which makes the information difficult to understand, especially for beginner testers. This paper explains the results of a study of code coverage visualization using a control flow graph (CFG) to assist the tester in the effort to build a complete set of test cases. The experiment was conducted with 32 respondents who were testers from various industries and a number of students.
ISBN:
(Print) 9781509047970
A control flow graph represents the flow of a program as a directed graph. Control flow graphs are used in software engineering, compilers and static program analysis. A control flow graph represents the various paths a program may take for different inputs. Control flow graphs play a prominent role in the selection of test cases. In this paper, we present a simple method which uses the control flow graph to find the time complexity of the corresponding algorithm.
ISBN:
(Print) 9781450316682
Present-day malware shows stealthy and dynamic capability and avails itself of administrative rights to control victim computers. Malware writers depend on evasion techniques like code obfuscation, packing, compression, encryption or polymorphism to avoid detection by Anti-Virus (AV) scanners, as AV scanners primarily use syntactic signatures to detect known malware. Our approach is based on the semantic aspect of the PE executable and analyses API Call-grams to detect unknown malicious code. As inexact source code is analysed, the machine is not infected by the executable. Moreover, static analysis covers all the paths of the code, which is not possible with dynamic behavioural methods, as the latter do not guarantee the execution of the sample being analysed. Modern malicious samples also detect controlled virtual and emulated environments and stop functioning. A semantic invariant approach is important as the signatures of known samples are changed by code obfuscation tools. Static analysis is performed by generating an API Call graph from the control flow of an executable, then mining the Call graph as API Call-grams to detect malicious files.
ISBN:
(Print) 9781665439022
To mitigate a malware threat it is important to understand the malware's behavior. The MITRE ATT&CK ontology specifies an enumeration of tactics, techniques, and procedures (TTPs) that characterize malware. However, automated procedures that would characterize, given the malware executable, which part of the execution flow is connected with a specific TTP are absent. This paper is the first to provide an automation methodology to locate TTPs in a sub-part of the control flow graph that describes the execution flow of a malware executable. This methodology merges graph representation learning and tools for machine learning explanation.
The exponential proliferation of malware requires robust detection mechanisms for the security of global enterprises and national infrastructures. Conventional malware classification methods primarily depend on extensive datasets of curated malware samples, rendering them suboptimal for detecting novel strains exploiting contemporary vulnerabilities. In this paper, we reformulate malware detection as a few-shot learning task and propose a new distance-based classification method that harnesses the innate functional attributes of malware to mitigate the dependency on sample volume. A disentangled representation of the malware's control flow graph is exploited, and a specialized transformer architecture is trained with a triplet-loss function, aiming to fine-tune the representation of malicious attributes. The attention mechanism of the transformer judiciously discerns functional signatures from intricate control flow graphs. Empirical evaluations on real-world malware datasets underscore the efficacy of the proposed method, achieving an outstanding recall rate of 83.37% with a mere 2,000 training samples. As a result, our method outperforms the state-of-the-art methods with an accuracy of 99.45% and a recall of 97.89%.
Up to now, smart contract vulnerability detection methods based on sequence-modal data and sequence models have been the most commonly used. However, existing state-of-the-art methods disregard the fact that sequence-modal data loses structural information and control flow information. Additionally, it is hard for sequence models to extract global features of smart contracts. Moreover, these methods rarely consider the impact of noisy data on vulnerability detection. To tackle these issues, we propose a smart contract vulnerability detection model based on bidirectional encoder representations from transformers (BERT) and the control flow graph (CFG). On the one hand, we design a denoising method suitable for control flow graphs to reduce the impact of noisy data on vulnerability detection. On the other hand, we design a novel method to parse the control flow graph into a BERT input form that retains control flow information and structural information. BERT learns the potential vulnerability characteristics of smart contracts to fine-tune itself. We conduct an empirical evaluation on a large-scale real-world dataset and compare against 5 state-of-the-art baseline methods. Our method achieves (1) optimal performance over all baseline methods; (2) 0.6-17.1% higher F1-score than baseline methods; (3) 0.7-16.7% higher accuracy than baseline methods; (4) 0.6-17% higher precision than baseline methods; (5) 0.2-19.5% higher recall than baseline methods.
Program tracing solutions (i.e., tracers) can faithfully record runtime information about a program's execution and enable flexible and powerful offline analysis. Therefore, they have become fundamental techniques extensively utilized in software analysis applications. However, few tracers have paid attention to the size of traces and corresponding overheads introduced to offline analysis, as well as the control flow graph (CFG) support. This paper presents ATOS, an efficient tracing solution, to address these issues. It adaptively adjusts the granularity of tracing while conservatively preserving the essential execution information. We implement a prototype of ATOS and evaluate it on several benchmarks. The results show that ATOS can greatly reduce the size of a trace and accelerate offline analysis, while preserving the execution states and supporting existing applications seamlessly. For example, using ATOS, the trace produced by the application CryptoHunt is reduced by 46 times, while the analysis time is reduced by 34 times.