Abstract
Since the risks associated with software vulnerabilities are rapidly increasing, the detection of vulnerabilities in binary code has become an important area of concern for the software community. However, research studies associated with the detection of vulnerabilities in binary code remain limited to the handcrafted features referenced by a specific group of experts in the field. This paper considers other possibilities to add on the subject of detecting vulnerabilities in binary code. Herein, we utilize recent studies conducted on the topic of deep learning and specifically study a maximal divergence sequential auto-encoder (MDSAE) model to propose a modified version (MDSAE-NR). We also propose an altered interpretation of time-delay neural network (TDNN-NR) by incorporating a new regularization technique that produced optimized results. Finally, both models achieved good predictive performance using different evaluation metrics such as accuracy, recall, precision and F1 score compared to the baseline results. Based on the results of our experiments, we observed a 2 to 2.5% average improvement in each performance measure of interest.
Highlights
Software becomes vulnerable if it contains flaws that could create a backdoor in the software from which a hacker can gain access to a system to conduct malicious activities
We study the maximal divergence sequential autoencoder (MDSAE) model and propose a modified version of the maximal divergence sequential auto-encoder (MDSAE) model that leverages a variational auto-encoder (VAE) and a new regularization technique for binary code vulnerability detection
We propose a new model based on a time-delay neural network (TDNN-NR)
Summary
Software becomes vulnerable if it contains flaws that could create a backdoor in the software from which a hacker can gain access to a system to conduct malicious activities. Some previous studies have proposed methods for detecting vulnerabilities at the binary code level when the access to source code is not granted. In this context, such studies were based on symbolic execution, fuzzing [12]–[14], techniques that utilize handcrafted features derived from dynamic analysis [15]–[17], or functions similarity which helps in identifying known bugs in binaries [18]. We study the maximal divergence sequential autoencoder (MDSAE) model and propose a modified version of the MDSAE model that leverages a variational auto-encoder (VAE) and a new regularization technique for binary code vulnerability detection. The experimental results indicate that the two variants (MDSAE-NR and TDNN-NR) outperform the baselines in all performance measures of interest
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
