Abstract

AbstractThis paper presents a method for exploitable vulnerabilities detection in binary code with almost no false positives. It is based on the concolic (a mix of concrete and symbolic) execution of software binary code and the annotation of sensitive memory zones of the corresponding program traces (represented in a formal manner). Three big families of vulnerabilities are considered (taint related, stack overflow, and heap overflow). Based on the angr framework as a supporting software VulnerabilitY detection based on dynamic behavioral PattErn Recognition was developed to demonstrate the viability of the method. Several test cases using custom code, Juliet test base and widely used public libraries were performed showing a high detection potential for exploitable vulnerabilities with a very low rate of false positives.

Full Text
Published version (Free)

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Similar Papers

Paper Title
Journal
Date
Author
Research on the Collaborative Analysis Technology for Source Code and Binary Executable Based upon the Unified Defect Mode Set
Xiaobing Liang ... Baojiang Cui
-
Xiaobing Liang, et. al.Xiaobing Liang ... Baojiang Cui
01 Jul 2015
Specificity and False Positive Rates of the Test of Memory Malingering, Rey 15-Item Test, and Rey Word Recognition Test Among Forensic Inpatients With Intellectual Disabilities
David M Glassmire ... Christopher M Love
Assessment | VOL. 21
David M Glassmire, et. al.David M Glassmire ... Christopher M Love
26 Mar 2014
Vulnerability detector using parse tree annotation
Mohammad Akbari ... Reza Azmi
-
Mohammad Akbari, et. al.Mohammad Akbari ... Reza Azmi
01 Jun 2010
Incorporation of dried blood alpha fetoprotein into traditional first trimester Down syndrome screening service.
Hsiao‐Pin Liu ... David Krantz
Prenatal diagnosis | VOL. 35
Hsiao‐Pin Liu, et. al.Hsiao‐Pin Liu ... David Krantz
13 May 2015
View more papers

More From: SECURITY AND PRIVACY

Paper Title
Journal
Date
Author
Kafka‐Shield: Kafka Streams‐based distributed detection scheme for IoT traffic‐based DDoS attacks
Praveen Shukla ... Nilesh Vishwasrao Patil
SECURITY AND PRIVACY | VOL. -
Praveen Shukla, et. al.Praveen Shukla ... Nilesh Vishwasrao Patil
21 May 2024
A novel Bayesian optimizable ensemble bagged trees model for cryptocurrency fraud prediction approach
Monire Norouzi
SECURITY AND PRIVACY | VOL. -
Monire NorouziMonire Norouzi
19 May 2024
Preserving location‐query privacy in location‐based services: A review
Hira Rasheed ... Iftikhar Ahmad
SECURITY AND PRIVACY | VOL. -
Hira Rasheed, et. al.Hira Rasheed ... Iftikhar Ahmad
15 May 2024
PRC6: Hybrid lightweight cipher for enhanced cloud data security in parallel environment
Zahraa A Mohammed ... Khalid Ali Hussein
SECURITY AND PRIVACY | VOL. -
Zahraa A Mohammed, et. al.Zahraa A Mohammed ... Khalid Ali Hussein
14 May 2024
View more papers