ISSN 1000-1239 CN 11-1777/TP

Journal of Computer Research and Development ›› 2016, Vol. 53 ›› Issue (10): 2288-2298. doi: 10.7544/issn1000-1239.2016.20160442

Special topic: 2016 Special Topic on Research Progress in Cyberspace Sharing Security

• Information Security •

VDNS: A Cross-Platform Firmware Vulnerability Association Algorithm

Chang Qing1,2,3, Liu Zhongjin4, Wang Mengtao1,2,3, Chen Yu1,2,3, Shi Zhiqiang1,2,3, Sun Limin1,2,3

  1. Beijing Key Laboratory of IOT Information Security (Institute of Information Engineering, Chinese Academy of Sciences), Beijing 100093; 2. Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093; 3. University of Chinese Academy of Sciences, Beijing 100049; 4. National Computer Network Emergency Response Technical Team/Coordination Center of China, Beijing 100029 (changqing@iie.ac.cn)
  • Published: 2016-10-01
  • Funding:
    This work was supported by the State Priority Research Program of the Chinese Academy of Sciences (XDA06040101), the National Key Technology Research and Development Program of China (2016YFB0800202), and the National Natural Science Foundation of China (U1536107).

VDNS: An Algorithm for Cross-Platform Vulnerability Searching in Binary Firmware

Chang Qing1,2,3, Liu Zhongjin4, Wang Mengtao1,2,3, Chen Yu1,2,3, Shi Zhiqiang1,2,3, Sun Limin1,2,3   

  1. Beijing Key Laboratory of IOT Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093; 2. Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093; 3. University of Chinese Academy of Sciences, Beijing 100049; 4. National Computer Network Emergency Response Technical Team/Coordination Center of China, Beijing 100029
  • Online: 2016-10-01

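Abstract: A growing number of IoT vendors compile third-party code libraries and deploy them on different platforms. Existing research focuses mainly on the same-platform firmware vulnerability association scenario and cannot be used directly to detect vulnerabilities of the same origin on other platforms, while research on the cross-platform scenario has only just begun. To address the low accuracy of existing cross-platform methods, we propose a two-stage cross-platform firmware vulnerability association method based on neural networks and local call-structure matching (vulnerability detection based on neural networks and structure matching, VDNS). Taking the function as the smallest unit of association, the method performs feature selection and numerical encoding on the inter-function call graph, the intra-function control flow graph, and basic function information, uses a neural network to compute the similarity of each function pair to be matched, and on that basis applies structural matching to further improve matching precision. Experimental results show that on the OpenSSL binary the Top1 performance metric rises from 32.1% to 76.49%; association against OpenSSL using 5 vulnerable functions yields a Rank of 1 in every case; and association using 4 common router vulnerable functions across 372 D-Link router firmware images achieved good experimental results.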

Key words: cross-platform, vulnerability association, feature selection, neural network, bipartite graph matching

Abstract: Nowadays, most IoT vendors use similar code to compile firmware for devices based on various CPU architectures. However, prior vulnerability searching methods are limited to a single platform and cannot be directly extended to the cross-platform case, and cross-platform studies have only just started. In this paper, we propose an algorithm for searching firmware vulnerabilities in a cross-platform model, based on a neural network and local calling structure matching. First, we extract the selected comparison features from the call graphs, the basic attributes, and the control flow graphs of the two compared functions, use them as the input of the neural network, and obtain the computed results. Then we match the call sub-graphs of the compared functions, using the results of the previous step as weights, to improve accuracy. Experimental results on the open-source OpenSSL code demonstrate that our method performs better than the prior cross-platform vulnerability searching method, with Top1 increasing from 32.1% to 76.49% when searching from ARM to MIPS. The five common OpenSSL vulnerabilities all rank No. 1 in the search results. Moreover, we search for four common vulnerabilities in the firmware of 372 types of D-Link routers, and the results show good performance as well.

Key words: cross-platform, vulnerability search, feature selection, neural network, bipartite matching
