Binary Oriented Vulnerability Analyzer Based on Hidden Markov Model

Hao BAI  Chang-zhen HU  Gang ZHANG  Xiao-chuan JING  Ning LI  

IEICE TRANSACTIONS on Information and Systems   Vol.E93-D   No.12   pp.3410-3413
Publication Date: 2010/12/01
Online ISSN: 1745-1361
DOI: 10.1587/transinf.E93.D.3410
Print ISSN: 0916-8532
Type of Manuscript: LETTER
Category: Dependable Computing
executable program,  binary,  double precision analysis,  vulnerability instruction library,  Hidden Markov Model,  

Full Text: PDF>>
Buy this Article

The letter proposes a novel binary vulnerability analyzer for executable programs that is based on the Hidden Markov Model. A vulnerability instruction library (VIL) is primarily constructed by collecting binary frames located by double precision analysis. Executable programs are then converted into structurized code sequences with the VIL. The code sequences are essentially context-sensitive, which can be modeled by Hidden Markov Model (HMM). Finally, the HMM based vulnerability analyzer is built to recognize potential vulnerabilities of executable programs. Experimental results show the proposed approach achieves lower false positive/negative rate than latest static analyzers.