Vulnerability Detection Tools Research Articles

Formal Analysis and Detection for ROS2 Communication Security Vulnerability

Robotic systems have been widely used in various industries, so the security of communication between robots and their components has become an issue that needs to be focused on. As a framework for developing robotic systems, the security of ROS2 (Robot Operating System 2) can directly affect the security of the upper-level robotic systems. Therefore, it is a worthwhile research topic to detect and analyze the security of ROS2. In this study, we adopted a formal approach to analyze the security of the communication mechanism of ROS2. First, we used a state transition system to model the potential vulnerabilities of ROS2 based on the ROS2 communication mechanism and the basic process of penetration testing. Secondly, we introduced a CIA model based on the established vulnerability model and used linear temporal logic to define its security properties. Then, we designed and implemented a vulnerability detection tool for ROS2 applications based on the vulnerability model and security properties. Finally, we experimentally tested some ROS2-based applications, and the results show that ROS2 has vulnerabilities without additional protection safeguards.

SafeCheck: Detecting smart contract vulnerabilities based on static program analysis methods

AbstractEthereum smart contracts are a special type of computer programs. Once deployed on the blockchain, they cannot be modified. This presents a significant challenge to the security of smart contracts. Previous research has proposed static and dynamic detection tools to identify vulnerabilities in smart contracts. These tools check contract vulnerabilities based on predefined rules, and the accuracy of detection strongly depends on the design of the rules. However, the constant emergence of new vulnerability types and strategies for vulnerability protection leads to numerous false positives and false negatives by tools. To address this problem, we analyze the characteristics of vulnerabilities in smart contracts and the corresponding protection strategies. We convert the contracts' bytecode into an intermediate representation to extract semantic information of the contracts. Based on this semantic information, we establish a set of detection rules based on semantic facts and implement a vulnerability detection tool SafeCheck using static program analysis methods. The tool is used to detect six common types of vulnerabilities in smart contracts. We have extensively evaluated SafeCheck on real Ethereum smart contracts and compared it to other tools. The experimental results show that SafeCheck performs better in smart contract vulnerability detection compared to other typical tools, with a high F‐measure (up to 83.1%) for its entire dataset.

Automatically Identifying CVE Affected Versions With Patches and Developer Logs

While vulnerability databases are important sources of information for software security, it is known that information in these databases is inconsistent. How to rectify these incorrect data is a challenging issue. In this paper, we employ developer logs and patches to automatically identify vulnerable source code versions that each CVE really affects. Our tool organizes all versions of a piece of software into a version tree, and identifies the first vulnerable version, and the last vulnerable versions in the version tree trunk and branches. For evaluation, we took Linux Kernel as the case study and quantified the error rate of the vulnerable versions reported by the NVD. The total number of vulnerable Linux Kernel versions reported by the NVD was 43,727 (as of September 2020), of which the total number of false positives reached 2,497 and the total number of false negatives reached 9,330, accounting for 5.7% and 21.34%, respectively. In addition, we compare our tool with two vulnerability detection tools and show that our tool could achieve high detection accuracy.

An Integrated Smart Contract Vulnerability Detection Tool Using Multi-Layer Perceptron on Real-Time Solidity Smart Contracts

An Integrated Smart Contract Vulnerability Detection Tool Using Multi-Layer Perceptron on Real-Time Solidity Smart Contracts

A Review of Deep Learning-Based Vulnerability Detection Tools for Ethernet Smart Contracts

A Review of Deep Learning-Based Vulnerability Detection Tools for Ethernet Smart Contracts

Smart Contract Code Repair Recommendation based on Reinforcement Learning and Multi-metric Optimization

A smart contract is a kind of code deployed on the blockchain that executes automatically once an event triggers a clause in the contract. Since smart contracts involve businesses such as asset transfer, they are more vulnerable to attacks, so it is crucial to ensure the security of smart contracts. Because a smart contract cannot be tampered with once deployed on the blockchain, for smart contract developers, it is necessary to fix vulnerabilities before deployment. Compared with many vulnerability detection tools for smart contracts, the amount of automatic fix approaches for smart contracts is relatively limited. These approaches mainly use defined pattern-based methods or heuristic search algorithms for vulnerability repairs. In this paper, we propose RLRep , a reinforcement learning-based approach to provide smart contract repair recommendations for smart contract developers automatically. This approach adopts an agent to provide repair action suggestions based on the vulnerable smart contract without any supervision, which can solve the problem of missing labeled data in machine learning-based repair methods. We evaluate our approach on a dataset containing 853 smart contract programs (programming language: Solidity) with different kinds of vulnerabilities. We split them into training and test set. The result shows that our approach can provide 54.97% correct repair recommendations for smart contracts.

VIGILANT: Vulnerability Detection Tool Against Fault-Injection Attacks for Locking Techniques

Logic locking is a well-known solution that thwarts design intellectual property (IP) piracy and prevents illegal overproduction of integrated circuits (ICs) against adversaries in the globalized supply chain. The widespread prevalence of reverse-engineering tools, probing, and fault-injection equipment has given rise to physical attacks that can undermine the security of a locked design. Fault-injection attacks, in particular, can extract the secret key from an oracle, circumventing the defense offered by logic locking. When design IP is compromised through physical attacks, fixing corresponding vulnerabilities generally require a silicon re-spin, which is impractical under constrained time and resources. Thus, there is a requirement for a detection tool that can perform a pre-silicon evaluation of locked designs to notify the designer of any vulnerabilities that can be exploited using faults. In this work, we propose VIGILANT, a first-of-its-kind vulnerability detection tool against fault-injection attacks targeting the hardware implementation of locking techniques. More specifically, VIGILANT aids designers in identifying critical nets susceptible to fault-injection attacks. VIGILANT analyzes the underlying locked design and computes a list of candidate nets along with their fault values required for key leakage and consequently validates each candidate net as vulnerable or not, using a functional simulation model of the design (acting as an oracle). We showcase the efficacy of VIGILANT on different locked designs for four different locking techniques under various parameters such as technology nodes, layout-generation commands, and key-sizes. The accuracy of VIGILANT in identifying and validating all the candidate nets that are vulnerable to fault-injection attacks is 100%

Towards Practical Binary Code Similarity Detection: Vulnerability Verification via Patch Semantic Analysis

Vulnerability is a major threat to software security. It has been proven that binary code similarity detection approaches are efficient to search for recurring vulnerabilities introduced by code sharing in binary software. However, these approaches suffer from high false-positive rates (FPRs) since they usually take the patched functions as vulnerable, and they usually do not work well when binaries are compiled with different compilation settings. To this end, we propose an approach, named Robin , to confirm recurring vulnerabilities by filtering out patched functions. Robin is powered by a lightweight symbolic execution to solve the set of function inputs that can lead to the vulnerability-related code. It then executes the target functions with the same inputs to capture the vulnerable or patched behaviors for patched function filtration. Experimental results show that Robin achieves high accuracy for patch detection across different compilers and compiler optimization levels respectively on 287 real-world vulnerabilities of 10 different software. Based on accurate patch detection, Robin significantly reduces the false-positive rate of state-of-the-art vulnerability detection tools (by 94.3% on average), making them more practical. Robin additionally detects 12 new potentially vulnerable functions.

Evaluation of Smart Contract Vulnerability Analysis Tools: A Domain-Specific Perspective

With the widespread adoption of blockchain platforms across various decentralized applications, the smart contract’s vulnerabilities are continuously growing and evolving. Consequently, a failure to optimize conventional vulnerability analysis methods results in unforeseen effects caused by overlooked classes of vulnerabilities. Current methods have difficulty dealing with multifaceted intrusions, which calls for more robust approaches. Therefore, overdependence on environment-defined parameters in the contract execution logic binds the contract to the manipulation of such parameters and is perceived as a security vulnerability. Several vulnerability analysis tools have been identified as insufficient to effectively identify certain types of vulnerability. In this paper, we perform a domain-specific evaluation of state-of-the-art vulnerability detection tools on smart contracts. A domain can be defined as a particular area of knowledge, expertise, or industry. We use a perspective specific to the area of energy contracts to draw logical and language-dependent features to advance the structural and procedural comprehension of these contracts. The goal is to reach a greater degree of abstraction and navigate the complexities of decentralized applications by determining their domains. In particular, we analyze code embedding of energy smart contracts and characterize their vulnerabilities in transactive energy systems. We conclude that energy contracts can be affected by a relatively large number of defects. It also appears that the detection accuracy of the tools varies depending on the domain. This suggests that security flaws may be domain-specific. As a result, in some domains, many vulnerabilities can be overlooked by existing analytical tools. Additionally, the overall impact of a specific vulnerability can differ significantly between domains, making its mitigation a priority subject to business logic. As a result, more effort should be directed towards the reliable and accurate detection of existing and new types of vulnerability from a domain-specific point of view.

Detection of Vulnerabilities of Blockchain Smart Contracts

With the wide application of IoT and blockchain, research on smart contracts has received increased attention, and security threat detection for smart contracts is one of the main focuses. This paper first introduces the common security vulnerabilities in blockchain smart contracts, and then classifies the vulnerabilities detection tools for smart contracts into six categories according to the different detection methods: formal verification method, symbol execution method, fuzzy testing method, intermediate representation method, stain analysis method and deep learning method. We test 27 detection tools, and analyze them from several perspectives, including the capability of detecting a smart contract version. Finally, it is concluded that most of the current vulnerability detection tools can only detect vulnerabilities in a single and old version of smart contracts. Although the deep learning method detects fewer types of smart contract vulnerabilities, it has higher detection accuracy and efficiency. Therefore, the combination of static detection methods such as deep learning method and dynamic detection methods including the fuzzy testing method to detect more types of vulnerabilities in multi-version smart contracts to achieve higher accuracy is a direction worthy of research in the future.

Enhancing Smart-Contract Security through Machine Learning: A Survey of Approaches and Techniques

As blockchain technology continues to advance, smart contracts, a core component, have increasingly garnered widespread attention. Nevertheless, security concerns associated with smart contracts have become more prominent. Although machine-learning techniques have demonstrated potential in the field of smart-contract security detection, there is still a lack of comprehensive review studies. To address this research gap, this paper innovatively presents a comprehensive investigation of smart-contract vulnerability detection based on machine learning. First, we elucidate common types of smart-contract vulnerabilities and the background of formalized vulnerability detection tools. Subsequently, we conduct an in-depth study and analysis of machine-learning techniques. Next, we collect, screen, and comparatively analyze existing machine-learning-based smart-contract vulnerability detection tools. Finally, we summarize the findings and offer feasible insights into this domain.

Smart contract vulnerability detection based on semantic graph and residual graph convolutional networks with edge attention

Smart contracts are becoming the forefront of blockchain technology, allowing the performance of credible transactions without third parties. However, smart contracts on blockchain are not immune to vulnerability exploitation and cannot be modified after being deployed on the blockchain. Therefore, it is imperative to assure the security of smart contracts via intelligent vulnerability detection tools with the exponential increase in the number of smart contracts. The remarkably developing deep learning technology provides a promising way to detect potential smart contract vulnerabilities. Nevertheless, existing deep learning-based approaches fail to effectively capture the rich syntax and semantic information embedded in smart contracts for vulnerability detection. In this paper, we tackle the problem of smart contract vulnerability detection at the function level by constructing a novel semantic graph (SG) for each function and learning the SGs using graph convolutional networks (GCNs) with residual blocks and edge attention. Our proposed method consists of three stages. In the first stage, we create the SG which contains rich syntax and semantic information including the data–data, instruction–instruction and instruction–data relationships, variables, operations, etc., by building an abstract syntax tree (AST) from the code of each function, removing the unimportant nodes in the AST, and adding edges between the nodes to represent the data flows and the execution sequence of the statements. In the second stage, we propose a new graph convolutional network model EA-RGCN to learn the content and semantic features of the code. EA-RGCN contains three parts: node and edge representation via word2vec, content feature extraction with a residual GCN (RGCN) module, and semantic feature extraction using an edge attention (EA) module. In the third stage, we concatenate the code content features and the semantic features to obtain the global code feature and use a classifier to identify whether the function is vulnerable. We conduct experiments on the datasets constructed from real-world smart contracts. Experimental results demonstrate that the proposed semantic graph and the EA-RGCN model can effectively improve the performance in terms of accuracy, precision, recall, and F1-score on smart contract vulnerability detection.

Evaluation of Static Vulnerability Detection Tools With Java Cryptographic API Benchmarks

Several studies showed that misuses of cryptographic APIs are common in real-world code (e.g., Apache projects and Android apps). There exist several open-sourced and commercial security tools that automatically screen Java programs to detect misuses. To compare their accuracy and security guarantees, we develop two comprehensive benchmarks named CryptoAPI-Bench and ApacheCryptoAPI-Bench. CryptoAPI-Bench consists of 181 unit test cases that cover basic cases, as well as complex cases, including interprocedural, field sensitive, multiple class test cases, and path sensitive data flow of misuse cases. The benchmark also includes correct cases for testing false-positive rates. The ApacheCryptoAPI-Bench consists of 121 cryptographic cases from 10 Apache projects. We evaluate four tools, namely, SpotBugs, CryptoGuard, CrySL, and another tool (anonymous) using both benchmarks. We present their performance and comparative analysis. The ApacheCryptoAPI-Bench also examines the scalability of the tools. Our benchmarks are useful for advancing state-of-the-art solutions in the space of misuse detection.

Android Source Code Vulnerability Detection: A Systematic Literature Review

The use of mobile devices is rising daily in this technological era. A continuous and increasing number of mobile applications are constantly offered on mobile marketplaces to fulfil the needs of smartphone users. Many Android applications do not address the security aspects appropriately. This is often due to a lack of automated mechanisms to identify, test, and fix source code vulnerabilities at the early stages of design and development. Therefore, the need to fix such issues at the initial stages rather than providing updates and patches to the published applications is widely recognized. Researchers have proposed several methods to improve the security of applications by detecting source code vulnerabilities and malicious codes. This Systematic Literature Review (SLR) focuses on Android application analysis and source code vulnerability detection methods and tools by critically evaluating 118 carefully selected technical studies published between 2016 and 2022. It highlights the advantages, disadvantages, applicability of the proposed techniques, and potential improvements of those studies. Both Machine Learning (ML)-based methods and conventional methods related to vulnerability detection are discussed while focusing more on ML-based methods, since many recent studies conducted experiments with ML. Therefore, this article aims to enable researchers to acquire in-depth knowledge in secure mobile application development while minimizing the vulnerabilities by applying ML methods. Furthermore, researchers can use the discussions and findings of this SLR to identify potential future research and development directions.

The Experiences of Midwives in Caring for Vulnerable Pregnant Women in The Netherlands: A Qualitative Cross-Sectional Study.

Vulnerable pregnant women have an increased risk for preterm birth and perinatal mortality. This study identifies the perspectives, perceived barriers, and perceived facilitators of midwives toward current care for vulnerable pregnant women in the Netherlands. Knowing those perspectives, barriers, and facilitators could help increase quality of care, thereby reducing the risks of preterm birth and perinatal mortality. Midwives working in primary care practices throughout the Netherlands were interviewed. Semi-structured interviews were conducted remotely through a video conference program, audio recorded, transcribed verbatim, and coded based on the theoretical domains framework and concepts derived from the interviews, using NVivo-12. All midwives provided psychosocial care for vulnerable pregnant women, expected positive consequences for those women resulting from that care, considered it their task to identify and refer vulnerable women, and intended to improve the situation for mother and child. The main barriers perceived by midwives were too many organizations being involved, inadequate communication between care providers, lack of time to care for vulnerable women, insufficient financing to provide adequate care, and uncooperative clients. The main facilitators were having care coordinators, treatment guidelines, vulnerability detection tools, their own knowledge about local psychosocial organizations, good communication skills, cooperative clients, consultation with colleagues, and good communication between care providers. The findings suggest that midwives are highly motivated to care for vulnerable women and perceive a multitude of facilitators. However, they also perceive various barriers for providing optimal care. A national guideline on how to care for vulnerable women, local overviews of involved organizations, and proactive midwives who ensure connections between the psychosocial and medical domain could help to overcome these barriers, and therefore, maximize effectiveness of the care for vulnerable pregnant women.

Smart Contract Vulnerability Detection Model Based on Siamese Network (SCVSN): A Case Study of Reentrancy Vulnerability

Blockchain technology is currently evolving rapidly, and smart contracts are the hallmark of the second generation of blockchains. Currently, smart contracts are gradually being used in power system networks to build a decentralized energy system. Security is very important to power systems and attacks launched against smart contract vulnerabilities occur frequently, seriously affecting the development of the smart contract ecosystem. Current smart contract vulnerability detection tools suffer from low correct rates and high false positive rates, which cannot meet current needs. Therefore, we propose a smart contract vulnerability detection system based on the Siamese network in this paper. We improved the original Siamese network model to perform smart contract vulnerability detection by comparing the similarity of two sub networks with the same structure and shared parameters. We also demonstrate, through extensive experiments, that the model has better vulnerability detection performance and lower false alarm rate compared with previous research results.

BinVulDet: Detecting vulnerability in binary program via decompiled pseudo code and BiLSTM-attention

Static detection of security vulnerabilities in binary programs is an important research field in software supply chain security. However, existing vulnerability detection methods based on code similarity can only detect known vulnerabilities. Vulnerability features generated by vulnerability pattern-based detection methods are low robust due to the influence of manually defined patterns, compiler diversity, and irrelevant function instructions. In this paper, we propose BinVulDet, which is a binary level vulnerability detection tool for accurate known and unknown vulnerability detection. BinVulDet uses decompilation techniques to obtain pseudo code containing high-level semantic information against the impact of compilation diversity. Then the program slicing technique is used to extract the statements with data dependencies and control dependencies related to the vulnerability. A BiLSTM-attention neural network is used to extract rich contextual semantic information from slice codes to generate more robust vulnerability patterns to detect vulnerabilities. The experimental results show that BinVulDet outperforms the state-of-the-art binary vulnerability detection methods. The FPR and FNR of BinVulDet are 1.04% and 0.89% on average, respectively, which are 3.93% and 22.86% lower than the baseline model on average. BinVulDet can effectively against the influence of compilation diversity and successfully be used for real-world vulnerability detection by being evaluated in three CVE vulnerability projects.

VULDEFF: Vulnerability detection method based on function fingerprints and code differences

The significant increase in Open Source Software has led to a sharp increase in code cloning vulnerabilities. Code similarity detection methods are usually used to detect these vulnerabilities. However, cloned code often modifies the original code to varying degrees, and the difference between vulnerable code and patch code can be very small. Traditional code similarity detection methods cannot effectively detect common mutation patterns in code cloning and distinguish vulnerable code from patch code. The paper proposes a vulnerability detection method named VULDEFF based on function fingerprints and code differences. This paper designs a lightweight function fingerprint method based on the Context Triggered Piecewise Hashing algorithm, which can characterize the basic syntax features of function source code. In particular, the fingerprint of the vulnerable function contains the syntax features, vulnerability features, and patch features of the vulnerable function. VULDEFF detects whether target function has vulnerabilities by searching target function fingerprint in the vulnerable function fingerprint library. Compared with five advanced software vulnerability detection tools, VULDEFF significantly reduces the false positive and false negative rates while ensuring the scalability of vulnerability detection. VULDEFF discovered 111 new vulnerabilities in 10 open source projects.

Improvement of Vulnerable Code Dataset Based on Program Equivalence Transformation

Code vulnerability dataset plays an important role in the development and evaluation of vulnerability detection tools. Aiming at the problem that programs in existing vulnerability datasets usually have simple structures and small scales, which is not satisfying for testing, we proposed a generator of complex code vulnerability dataset based on program equivalence transformation in this paper. It improves the complexity of program structure and code size while preserving the labels of the original case. Based on the PHP vulnerability test suite in Software Assurance Reference Dataset (SARD), a large number of complex cases were constructed and tested using two open-source PHP vulnerability detection tools RIPS and WAP. Experimental results show that the cyclomatic complexity and code size of the generated cases increase by about five times after transformation. The detection accuracy of the tools on the generated dataset decreases significantly compared with the results on the original dataset. The false positive rate increases by about 30%, and the false negative rate increases by about 10%.

Smart contract vulnerability detection combined with multi-objective detection

Blockchains have been booming in recent years. As a decentralized system architecture, smart contracts give blockchains a user-defined logic. A smart contract is an executable program that can automatically carry out transactions on the Ethereum blockchain. However, some security issues in smart contracts are difficult to fix, and smart contracts also lack quality assessment standards. Therefore, this study proposes a Multiple-Objective Detection Neural Network (MODNN), a more scalable smart contract vulnerability detection tool. MODNN can validate 12 types of vulnerabilities, including 10 recognized threats, and identify more unknown types without the need for specialist or predefined knowledge through implicit features and Multi-Objective detection (MOD) algorithms. It supports the parallel detection of multiple vulnerabilities and has high scalability, eliminating the need to train separate models for each type of vulnerability and reducing significant time and labor costs. This paper also developed a data processing tool called Smart Contract-Crawler (SCC) to address the lack of smart contract vulnerability datasets. MODNN was evaluated using more than 18,000 smart contracts from Ethereum. Experiments showed that MODNN could achieve an average F1 Score of 94.8%, the current highest compared to several standard machine learning (ML) classification models.