• 中国精品科技期刊
  • CCF推荐A类中文期刊
  • 计算领域高质量科技期刊T1类
Advanced Search
Chang Qing, Liu Zhongjin, Wang Mengtao, Chen Yu, Shi Zhiqiang, Sun Limin. VDNS: An Algorithm for Cross-Platform Vulnerability Searching in Binary Firmware[J]. Journal of Computer Research and Development, 2016, 53(10): 2288-2298. DOI: 10.7544/issn1000-1239.2016.20160442
Citation: Chang Qing, Liu Zhongjin, Wang Mengtao, Chen Yu, Shi Zhiqiang, Sun Limin. VDNS: An Algorithm for Cross-Platform Vulnerability Searching in Binary Firmware[J]. Journal of Computer Research and Development, 2016, 53(10): 2288-2298. DOI: 10.7544/issn1000-1239.2016.20160442
shu

VDNS: An Algorithm for Cross-Platform Vulnerability Searching in Binary Firmware

  • 1(Beijing Key Laboratory of IOT Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093)

  • 2(Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093)

  • 3(University of Chinese Academy of Sciences, Beijing 100049)

  • 4(National Computer Network Emergency Response Technical Team/Coordination Center of China, Beijing 100029)

More Information
  • Published Date: September 30, 2016
    Graphical Abstract
    • Abstract
  • Nowadays, most IOT vendors use the similar code to compile firmware for devices based on various CPU architectures. However, the prior vulnerability searching methods are limited to the same platform, which can’t be directly extended to the cross-platform case, and the cross-platform studies have just started. In this paper, we propose an algorithm to search vulnerabilities of firmware in a cross-platform model based on neural network and local calling structure matching. Firstly we extract the selected compared features from the call graphs, the basic attributes and the control flow graphs of the two compared functions as the input of the neural network, and gain the calculated results. Then we match the call sub-graphs of the compared functions with the results of the previous step as weight to improve the accuracy. The experimental results on the open source code OpenSSL demonstrate our method has better performance than the prior cross-platform vulnerability searching method with the Top1 increasing from 32.1% to 76.49% in the searching pattern from ARM to MIPS. The searching ranks of the common five vulnerabilities in OpenSSL are all No.1 rank. Moreover, we search the common four vulnerabilities in the firmware of the 372 types of D-Link routers and the results show good performance too.
    • FullText(HTML)
    • References (0)
    • Related Articles

  • Related Articles

    [1]He Jianhao, Li Lüzhou. An Overview of Quantum Optimization[J]. Journal of Computer Research and Development, 2021, 58(9): 1823-1834. DOI: 10.7544/issn1000-1239.2021.20210276
    [2]Xu Wenpeng, Wang Weiming, Li Hang, Yang Zhouwang, Liu Xiuping, Liu Ligang. Topology Optimization for Minimal Volume in 3D Printing[J]. Journal of Computer Research and Development, 2015, 52(1): 38-44. DOI: 10.7544/issn1000-1239.2015.20140108
    [3]Wen Renqiang, Zhong Shaobo, Yuan Hongyong, Huang Quanyi. Emergency Resource Multi-Objective Optimization Scheduling Model and Multi-Colony Ant Optimization Algorithm[J]. Journal of Computer Research and Development, 2013, 50(7): 1464-1472.
    [4]Wu Jianhui, Zhang Jing, Li Renfa, Liu Zhaohua. A Multi-Subpopulation PSO Immune Algorithm and Its Application on Function Optimization[J]. Journal of Computer Research and Development, 2012, 49(9): 1883-1898.
    [5]Tang Kezong, Liu Bingxiang, Yang Jingyu, Sun Tingkai. Double Center Particle Swarm Optimization Algorithm[J]. Journal of Computer Research and Development, 2012, 49(5): 1086-1094.
    [6]Sun Dayang, Liu Yanheng, Yang Dong, Wang Aimin. Lifetime Optimizing Scheme of WSN[J]. Journal of Computer Research and Development, 2012, 49(1): 193-201.
    [7]Liu Chun'an, Wang Yuping. Dynamic Multi-Objective Optimization Evolutionary Algorithm Based on New Model[J]. Journal of Computer Research and Development, 2008, 45(4): 603-611.
    [8]Cui Zhendong, Wang Xicheng. Optimization Design of Turbine Engine Foundation on Grid[J]. Journal of Computer Research and Development, 2007, 44(10): 1652-1660.
    [9]Ma Ming, Zhou Chunguang, Zhang Libiao, Ma Jie. Fuzzy Neural Network Optimization by a Multi-Objective Particle Swarm Optimization Algorithm[J]. Journal of Computer Research and Development, 2006, 43(12): 2104-2109.
    [10]Lei Kaiyou and Qiu Yuhui. A Study of Constrained Layout Optimization Using Adaptive Particle Swarm Optimizer[J]. Journal of Computer Research and Development, 2006, 43(10): 1724-1731.

  • Cited by

    Periodical cited type(2)

    1. 张皓宇,单薇薇,方晓,王艳. 基于云桌面技术的虚拟专用网络动态资源分配方法. 电子设计工程. 2021(15): 189-193 .
    2. 刘思,张德干,刘晓欢,张婷,吴昊. 一种基于判定区域的AODV路由的自适应修复算法. 计算机研究与发展. 2020(09): 1898-1910 . 本站查看

    Other cited types(0)

Catalog

    Get Citation
    PDF
    XML
    Article views (1858) PDF downloads (775) Cited by(2)
    Turn off MathJax
    Article Contents
    Abstract
    Related Articles
    Email Alert RSS
    微信订阅号<br/>(实时资讯)

    微信订阅号
    (实时资讯)

    微信服务号<br/>(同步网站)

    微信服务号
    (同步网站)

    微信视频号<br/>(视频分享)

    微信视频号
    (视频分享)

    CCF<br/>(扫码入会)

    CCF
    (扫码入会)

    Copyright © Editorial Department of Computer Research and Development

    Supported by: Beijing Renhe Information Technology Co., Ltd. Baidu Analytics

    /

    DownLoad:  Full-Size Img  PowerPoint
    Return
    Return