检索规则说明:AND代表“并且”;OR代表“或者”;NOT代表“不包含”;(注意必须大写,运算符两边需空一格)
检 索 范 例 :范例一: (K=图书馆学 OR K=情报学) AND A=范并思 范例二:J=计算机应用与软件 AND (U=C++ OR U=Basic) NOT M=Visual
作 者:Yingchao Yu Shuitao Gan Xiaojun Qin
机构地区:[1]State Key Laboratory of Mathematical Engineering and Advanced Computing,Wuxi,Jiangsu,214083,China
出 处:《Journal on Internet of Things》2022年第1期1-20,共20页
摘 要:In recent years,with the development of the natural language processing(NLP)technologies,security analyst began to use NLP directly on assembly codes which were disassembled from binary executables in order to examine binary similarity,achieved great progress.However,we found that the existing frameworks often ignored the complex internal structure of instructions and didn’t fully consider the long-term dependencies of instructions.In this paper,we propose firmVulSeeker—a vulnerability search tool for embedded firmware images,based on BERT and Siamese network.It first builds a BERT MLM task to observe and learn the semantics of different instructions in their context in a very large unlabeled binary corpus.Then,a finetune mode based on Siamese network is constructed to guide training and matching semantically similar functions using the knowledge learned from the first stage.Finally,it will use a function embedding generated from the fine-tuned model to search in the targeted corpus and find the most similar function which will be confirmed whether it’s a real vulnerability manually.We evaluate the accuracy,robustness,scalability and vulnerability search capability of firmVulSeeker.Results show that it can greatly improve the accuracy of matching semantically similar functions,and can successfully find more real vulnerabilities in real-world firmware than other tools.
关 键 词:Embedded device firmware vulnerability search BERT siamese network
分 类 号:TP3[自动化与计算机技术—计算机科学与技术]
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在链接到云南高校图书馆文献保障联盟下载...
云南高校图书馆联盟文献共享服务平台 版权所有©
您的IP:216.73.216.90