ISSN 1000-1239 CN 11-1777/TP

Journal of Computer Research and Development, 2019, Vol. 56, Issue (10): 2097-2111. doi: 10.7544/issn1000-1239.2019.20190655

Special Issue: 2019 Special Topic on Cryptography and Intelligent Security Research

A Survey on Automated Exploit Generation

Zhao Shangru1,2, Li Xuejun1, Fang Yue1,2, Yu Yuanping3,5, Huang Weihao4,5, Chen Kai4,5, Su Purui3,5, Zhang Yuqing1,2   

  1 (School of Cyber Engineering, Xidian University, Xi’an 710071); 2 (National Computer Network Intrusion Protection Center (University of Chinese Academy of Sciences), Beijing 101408); 3 (Trusted Computing and Information Assurance Laboratory, Institute of Software, Chinese Academy of Sciences, Beijing 100190); 4 (State Key Laboratory of Information Security (Institute of Information Engineering, Chinese Academy of Sciences), Beijing 100195); 5 (University of Chinese Academy of Sciences, Beijing 100190)

  Online: 2019-10-16

Abstract: As the number of security vulnerabilities grows, evaluating and repairing them efficiently has become a considerable challenge. However, assessing the exploitability of vulnerabilities still depends mainly on manual methods. How to exploit security vulnerabilities intelligently and automatically is a hot research issue in this field. In this paper, the literature on automated exploit generation for security vulnerabilities from 2006 to the present is investigated. We analyze current research progress, point out the development trend of exploit generation research, and summarize the general framework of automated exploit generation. We sort out the current research results from the three aspects of information input, vulnerability types and exploitation methods, and discuss the effects of these three aspects on automated exploit generation. Then the current shortcomings and challenges of automated exploit generation are analyzed, and future research trends and directions are pointed out.

Key words: vulnerability exploitation, exploit generation, automatic generation, vulnerability, automatic exploit