With the internet reaching into every corner of life, demand for software across industries keeps growing, and both the number of software products and their code volume are expanding rapidly. Some programmers neglect security checks on their code in pursuit of performance, which can introduce vulnerabilities with serious consequences. Identifying vulnerabilities helps maintain the network security environment, strengthens the line of defense, and contributes to an orderly network. Among disclosed vulnerabilities, format string vulnerabilities, stack overflow vulnerabilities and use-after-free vulnerabilities are three typical classes of binary vulnerability with a high degree of threat. Current detection techniques for these three classes fall broadly into two categories: dynamic analysis and static analysis. Dynamic analysis suffers from high memory consumption and slow detection, while static analysis suffers from high false positive and false negative rates. In addition, mature tools for identifying the type of a binary vulnerability are lacking. To address these problems, this research proposes a directed symbolic execution strategy based on the danger degree of a path, which searches paths for possible vulnerabilities, and on that basis proposes a symbolic-execution-based behavior algebra to identify format string, stack overflow and use-after-free vulnerabilities; it then designs and implements a binary vulnerability type identification system based on symbolic execution. The main contents of this paper are as follows:

(1) A directed symbolic execution strategy based on path danger weights. To mitigate the path explosion problem of symbolic execution, a dominance graph weighted by path danger is built from the control flow graph, and symbolic execution is guided to explore paths in order of their danger weight. Comparative experiments verify that this strategy effectively identifies suspicious code and reduces vulnerability discovery time and memory consumption.

(2) A behavior-algebra vulnerability type identification algorithm based on symbolic execution. Vulnerability state information and behavior information collected during symbolic execution are added to algebraic expressions; by constructing a behavior algebra expression for each vulnerability class, vulnerabilities can be identified accurately. Comparative experiments verify that this algorithm has lower false positive and false negative rates when identifying vulnerability types.

(3) A binary vulnerability detection prototype system. Built on the angr framework, the system locates vulnerability points with the directed symbolic execution strategy and uses the symbolic-execution-based behavior algebra to identify their type. It detects stack overflow, format string and use-after-free vulnerabilities and is readily extensible. Experiments verify that the prototype identifies vulnerability types in real programs effectively.
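The following is an added illustration of contribution (1), written for this page and not taken from the thesis or its angr-based prototype. The thesis does not give its weight formula, so the one used here is an assumption: each basic block gets a danger score if it calls a risky API (format-string sinks, unchecked copies, free/use pairs), and a block's weight is its own score plus a decayed maximum over its successors, computed to a fixed point over the control flow graph. A priority-queue explorer then pops the highest-weight state first, which is the directed part of the strategy; the same explorer with FIFO order is plain breadth-first exploration for comparison. The CFG, the sink scores and the block names are all constructed for the example; a real implementation would derive them from angr's CFG and call-site analysis.

```python
import heapq

# Constructed toy control flow graph: block -> successor blocks (assumed, not from the thesis).
CFG = {
    "entry": ["check", "safe_path"],
    "check": ["parse", "exit"],
    "parse": ["fmt_call", "copy"],
    "copy": ["cleanup"],
    "cleanup": ["free_p", "exit"],
    "free_p": ["use_p", "exit"],
    "use_p": ["exit"],
    "fmt_call": ["exit"],
    "safe_path": ["loop"],
    "loop": ["loop", "exit"],       # self-loop: the classic path-explosion source
    "exit": [],
}

# Assumed danger scores for blocks that contain a risky call site.
SINK_SCORES = {
    "fmt_call": 3.0,   # printf(user_buf): format string sink
    "copy": 2.0,       # strcpy into a fixed-size stack buffer
    "free_p": 1.0,     # free(p): only dangerous if p is used afterwards
    "use_p": 3.0,      # dereference of p after free
}


def danger_weights(cfg, sink_scores, decay=0.5, tol=1e-9, max_iter=1000):
    """Fixed point of w[b] = score[b] + decay * max(w[s] for s in succ(b)).

    With decay < 1 the iteration converges even through loops; blocks that
    cannot reach any sink end up with weight 0 and are explored last.
    """
    weights = {b: sink_scores.get(b, 0.0) for b in cfg}
    for _ in range(max_iter):
        updated = {
            b: sink_scores.get(b, 0.0)
            + decay * max((weights[s] for s in cfg[b]), default=0.0)
            for b in cfg
        }
        if all(abs(updated[b] - weights[b]) < tol for b in cfg):
            return updated
        weights = updated
    return weights


def explore(cfg, weights, sinks, start="entry", max_depth=8, guided=True):
    """Explore paths from start, popping the highest-weight state first.

    Returns (hits, popped): hits is a list of (path, popped_at) for every
    state that lands on a sink block, popped is the total number of states
    taken off the frontier. guided=False degrades to FIFO (breadth-first).
    """
    counter = 0
    frontier = []

    def push(path):
        nonlocal counter
        counter += 1
        key = -weights[path[-1]] if guided else counter  # heap pops smallest key
        heapq.heappush(frontier, (key, counter, path))

    push((start,))
    hits, popped = [], 0
    while frontier:
        _, _, path = heapq.heappop(frontier)
        popped += 1
        block = path[-1]
        if block in sinks:
            hits.append((path, popped))
        if len(path) >= max_depth:
            continue
        for succ in cfg[block]:
            # Bound loop unrolling: a block may appear at most twice on one path.
            if path.count(succ) < 2:
                push(path + (succ,))
    return hits, popped


if __name__ == "__main__":
    w = danger_weights(CFG, SINK_SCORES)
    for mode in (True, False):
        hits, popped = explore(CFG, w, SINK_SCORES, guided=mode)
        label = "directed" if mode else "breadth-first"
        print(f"{label}: {popped} states popped, last sink reached at pop {hits[-1][1]}")
        for path, at in hits:
            print(f"  pop {at:2d}: {' -> '.join(path)}")
```

Both orders eventually visit the same bounded state set, so the gain is not in the total number of states but in how early the sinks are reached: the directed order reaches all four sink blocks within the first eight pops, while breadth-first spends its early budget on the loop and exit states. In a real run the exploration budget is cut long before exhaustion, which is where the time and memory savings reported for the strategy come from.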