Binary Code Vulnerability Location Identification with Fine-grained Slicing

Abstract

Precise binary code vulnerability detection is an important research topic in software security. Currently, most software is released in binary form, which requires corresponding binary code vulnerability detection methods. Existing deep learning-based detection techniques can only detect binary code vulnerabilities but cannot accurately identify the location of vulnerabilities. Meanwhile, binary vulnerability detection is usually performed at the program or function level, which requires a large amount of markup data and cannot better focus on the vulnerable code. In order to mine the syntactic and semantic information of binary vulnerability code in a more fine-grained way, this paper proposes BVLIFS, a binary code vulnerability location identification system based on program slice. BVLIFS generates binary slices based on control dependencies and data dependencies of library/API function calls, and then uses hierarchical attention neural networks to extract the semantic information at the slice and basic block levels. After that, vulnerability locations are identified by combining the attention mechanism and vulnerability location matrix. We mark different codes with different colors depending on the level of contribution to vulnerability detection, which can help developers to locate and fix vulnerabilities. The experimental results show that our proposed method performs better and can locate vulnerabilities quickly compared to existing methods.