| With the rapid development of Internet technology,network security incidents caused by program vulnerabilities occur frequently,and vulnerability mining has received great attention.Since dynamic taint analysis is an important method of binary vulnerability mining,we focus on the optimization technique of dynamic taint analysis based on neural networks.Aiming at the problems faced by dynamic taint analysis based on neural network in the construction of training data sets,the selection and extraction of training features,the selection of neural network models,and the training of neural networks,the main research contents are as follows:1.In the dynamic taint analysis method based on neural network,the existing training features cannot represent the non-executed branches of the target program,which leads to the low accuracy of implicit control flow analysis.A program feature extraction method based on conditional branch pre judgment is proposed.This method obtains the comparison instruction operands in the program as the training feature by batch using the dynamic pile insertion technology.The training feature is Label and the input sequence is Data,which together constitute the data set required for neural network training.The full connected feedforward neural network is used for training,and the mapping function from the target program input sequence to the branch variable is obtained.The experimental results show that compared with Neutaint,this method improves the accuracy of implicit control flow analysis by 2.3%~9.1% on the experimental data set.2.Aiming at the problems of low training accuracy and slow training convergence caused by the inability to deal with variable length input and learn the possible byte timing relationship in the input in the dynamic taint analysis method based on neural network,a dynamic taint analysis method based on cyclic neural network is proposed.This method first constructs the data set required for neural network training,uses the cyclic neural network to handle the variable length input problem,and identifies the bytes that have a significant impact on the program branch variables by calculating the gradient of the model output relative to the input bytes.The experimental results show that the training efficiency of this method is 0.63~1.16 times higher than that of the existing neural network based dynamic taint analysis methods,and the accuracy of implicit control flow analysis is further improved by 8.8%~21.6%.3.A neural network based dynamic taint analysis prototype system nn Taint is designed and implemented.The nn Taint uses the feature extraction method based on conditional branch pre judgment to collect the comparison instruction operands of the target program as the training feature.Through the dynamic taint analysis technology based on the cyclic neural network,it identifies the input bytes that have a significant impact on the branch variables,and guides the fuzzy test mutation at this location to generate test samples,thus realizing the vulnerability detection function.The test results show that compared with libdft,a dynamic taint analysis tool based on taint propagation rules,nn Taint improves the execution efficiency by 10.9%~30.3%;Compared with libdft and Neutaint,the path coverage of nn Taint has been improved by1.1%~16%,and more vulnerabilities can be found. |