ISSN 1000-1239 CN 11-1777/TP

Journal of Computer Research and Development, 2016, Vol. 53, Issue (10): 2288-2298. doi: 10.7544/issn1000-1239.2016.20160442

Special Issue: 2016 Special Topic on Research Progress in Cyberspace Shared Security


VDNS: An Algorithm for Cross-Platform Vulnerability Searching in Binary Firmware

Chang Qing1,2,3, Liu Zhongjin4, Wang Mengtao1,2,3, Chen Yu1,2,3, Shi Zhiqiang1,2,3, Sun Limin1,2,3   

  1. Beijing Key Laboratory of IOT Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093; 2. Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093; 3. University of Chinese Academy of Sciences, Beijing 100049; 4. National Computer Network Emergency Response Technical Team/Coordination Center of China, Beijing 100029
  • Online: 2016-10-01

Abstract: Most IoT vendors now compile firmware from similar code for devices based on various CPU architectures. However, prior vulnerability searching methods are limited to a single platform and cannot be directly extended to the cross-platform case, and cross-platform studies have only just started. In this paper, we propose an algorithm for searching vulnerabilities in firmware across platforms, based on a neural network and local calling structure matching. First, we extract selected comparison features from the call graphs, the basic attributes and the control flow graphs of the two functions being compared, use them as the input of the neural network, and obtain its computed results. Then we match the call sub-graphs of the compared functions, using the results of the previous step as weights, to improve accuracy. Experimental results on the open source code OpenSSL demonstrate that our method performs better than the prior cross-platform vulnerability searching method, with Top1 increasing from 32.1% to 76.49% when searching from ARM to MIPS. The five common vulnerabilities in OpenSSL are all ranked No. 1 in the search results. Moreover, we search for four common vulnerabilities in the firmware of 372 types of D-Link routers, and the results show good performance too.

Key words: cross-platform, vulnerability search, feature selection, neural network, bipartite matching
