Abstract:
With the increase of security vulnerabilities, it has been a considerable challenge to evaluate and repair vulnerabilities efficiently. However, the current assessment of the availability of vulnerabilities mainly depends on manual methods. How to intelligently and automatically exploit security exploits is a hot research issue in this field. In this paper, the literature on automated exploit generation of security vulnerabilities from 2006 to the present are investigated. We analysize current research progress, point out the development trend of exploit generation research, and summarize the general framework of automated exploit generation of vulnerabilities. We sort out the current research results from the three aspects of information input, vulnerability types and utilization methods, and discuss the effects of the three aspects on the automated exploit generation of vulnerabilities. Then the current shortcomings and challenges of automatic exploit generation of vulnerabilities are analyzed, and the future research trends and directions are also pointed out.