Binary oriented vulnerability analyzer based on Hidden Markov Model

Hao Bai; Chang Zhen Hu; Gang Zhang; Xiao Chuan Jing; Ning Li

doi:10.1587/transinf.E93.D.3410

Binary oriented vulnerability analyzer based on Hidden Markov Model

Hao Bai^*, Chang Zhen Hu, Gang Zhang, Xiao Chuan Jing, Ning Li

^*Corresponding author for this work

School of Cyberspace Science and Technology

Research output: Contribution to journal › Article › peer-review

4 Citations (Scopus)

Abstract

The letter proposes a novel binary vulnerability analyzer for executable programs that is based on the Hidden Markov Model. A vulnerability instruction library (VIL) is primarily constructed by collecting binary frames located by double precision analysis. Executable programs are then converted into structurized code sequences with the VIL. The code sequences are essentially context-sensitive, which can be modeled by Hidden Markov Model (HMM). Finally, the HMM based vulnerability analyzer is built to recognize potential vulnerabilities of executable programs. Experimental results show the proposed approach achieves lower false positive/negative rate than latest static analyzers.

Original language	English
Pages (from-to)	3410-3413
Number of pages	4
Journal	IEICE Transactions on Information and Systems
Volume	E93-D
Issue number	12
DOIs	https://doi.org/10.1587/transinf.E93.D.3410
Publication status	Published - Dec 2010

Keywords

Binary
Double precision analysis
Executable program
Hidden Markov Model
Vulnerability instruction library

Access to Document

10.1587/transinf.E93.D.3410

Cite this

@article{400575a9cd3543cdb07a094f3168f497,

title = "Binary oriented vulnerability analyzer based on Hidden Markov Model",

abstract = "The letter proposes a novel binary vulnerability analyzer for executable programs that is based on the Hidden Markov Model. A vulnerability instruction library (VIL) is primarily constructed by collecting binary frames located by double precision analysis. Executable programs are then converted into structurized code sequences with the VIL. The code sequences are essentially context-sensitive, which can be modeled by Hidden Markov Model (HMM). Finally, the HMM based vulnerability analyzer is built to recognize potential vulnerabilities of executable programs. Experimental results show the proposed approach achieves lower false positive/negative rate than latest static analyzers.",

keywords = "Binary, Double precision analysis, Executable program, Hidden Markov Model, Vulnerability instruction library",

author = "Hao Bai and Hu, {Chang Zhen} and Gang Zhang and Jing, {Xiao Chuan} and Ning Li",

year = "2010",

month = dec,

doi = "10.1587/transinf.E93.D.3410",

language = "English",

volume = "E93-D",

pages = "3410--3413",

journal = "IEICE Transactions on Information and Systems",

issn = "0916-8532",

publisher = "Maruzen Co., Ltd/Maruzen Kabushikikaisha",

number = "12",

}

TY - JOUR

T1 - Binary oriented vulnerability analyzer based on Hidden Markov Model

AU - Bai, Hao

AU - Hu, Chang Zhen

AU - Zhang, Gang

AU - Jing, Xiao Chuan

AU - Li, Ning

PY - 2010/12

Y1 - 2010/12

N2 - The letter proposes a novel binary vulnerability analyzer for executable programs that is based on the Hidden Markov Model. A vulnerability instruction library (VIL) is primarily constructed by collecting binary frames located by double precision analysis. Executable programs are then converted into structurized code sequences with the VIL. The code sequences are essentially context-sensitive, which can be modeled by Hidden Markov Model (HMM). Finally, the HMM based vulnerability analyzer is built to recognize potential vulnerabilities of executable programs. Experimental results show the proposed approach achieves lower false positive/negative rate than latest static analyzers.

AB - The letter proposes a novel binary vulnerability analyzer for executable programs that is based on the Hidden Markov Model. A vulnerability instruction library (VIL) is primarily constructed by collecting binary frames located by double precision analysis. Executable programs are then converted into structurized code sequences with the VIL. The code sequences are essentially context-sensitive, which can be modeled by Hidden Markov Model (HMM). Finally, the HMM based vulnerability analyzer is built to recognize potential vulnerabilities of executable programs. Experimental results show the proposed approach achieves lower false positive/negative rate than latest static analyzers.

KW - Binary

KW - Double precision analysis

KW - Executable program

KW - Hidden Markov Model

KW - Vulnerability instruction library

UR - http://www.scopus.com/inward/record.url?scp=78649992543&partnerID=8YFLogxK

U2 - 10.1587/transinf.E93.D.3410

DO - 10.1587/transinf.E93.D.3410

M3 - Article

AN - SCOPUS:78649992543

SN - 0916-8532

VL - E93-D

SP - 3410

EP - 3413

JO - IEICE Transactions on Information and Systems

JF - IEICE Transactions on Information and Systems

IS - 12

ER -

Binary oriented vulnerability analyzer based on Hidden Markov Model

Abstract

Keywords

Access to Document

Other files and links

Fingerprint

Cite this