
A Gray-Box Vulnerability Discovery Model Based on Path Coverage

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 11635)

Abstract

With the growing volume and complexity of code, manual vulnerability discovery can no longer meet practical needs, so more researchers are working on automated vulnerability discovery models and related algorithms. In real attack and defense scenarios, vulnerability researchers rarely obtain the source code of the target software; non-white-box models and algorithms for the target system or software are therefore particularly urgent and necessary. To address these problems, this paper proposes a gray-box vulnerability discovery model, GVDM, which tracks path coverage to infer the internal structure of the application. During the sample selection phase, samples that exercise low-frequency paths are preferentially selected using simulated annealing and genetic algorithms. Experimental results on the LAVA-M dataset show the better performance of the proposed GVDM model, which finds more vulnerabilities than other fuzzers with high accuracy.
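The sample-selection idea the abstract describes (track per-path execution counts, prefer seeds on rarely hit paths, and pick seeds with a simulated-annealing acceptance rule alongside genetic crossover), sketched as an added illustration that is not the paper's own code. The path encoding, the rarity score, the acceptance rule and the seed names are all assumptions chosen here; the paper does not give them.

```python
import hashlib
import math
import random
from collections import Counter


def path_id(edges):
    """Identify an execution path by hashing its ordered edge trace.
    Constructed representation: the paper's own path encoding is not given."""
    return hashlib.sha256("->".join(edges).encode()).hexdigest()


def crossover(parent_a, parent_b, cut):
    """Single-point genetic crossover of two seed inputs at byte offset `cut`."""
    return parent_a[:cut] + parent_b[cut:]


class PathFrequencyScheduler:
    """Prefer seeds whose paths were observed least often (assumed scoring)."""

    def __init__(self, temperature=1.0, cooling=0.9, rng=None):
        self.path_hits = Counter()   # path id -> number of executions that hit it
        self.seed_paths = {}         # seed name -> path id it exercised
        self.temperature = temperature
        self.cooling = cooling
        self.rng = rng or random.Random(0)   # seeded so runs are reproducible

    def record(self, seed, pid):
        """Feed back one execution: remember which path the seed hit."""
        self.path_hits[pid] += 1
        self.seed_paths[seed] = pid

    def rarity(self, seed):
        """Higher for seeds on low-frequency paths: total hits / this path's hits."""
        total = sum(self.path_hits.values())
        return total / self.path_hits[self.seed_paths[seed]]

    def select(self, current):
        """One simulated-annealing step: propose a random seed, keep it if it is
        rarer than `current`, otherwise accept it with probability exp(delta / T),
        then cool the temperature so later steps become greedier."""
        candidate = self.rng.choice(list(self.seed_paths))
        delta = self.rarity(candidate) - self.rarity(current)
        if delta >= 0 or self.rng.random() < math.exp(delta / self.temperature):
            current = candidate
        self.temperature *= self.cooling
        return current
```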



Acknowledgment

This work was supported by the Beijing Natural Science Foundation and Education Commission joint funding (KZ201810009011) and by the Science and Technology Innovation Project of North China University of Technology (18XN053).


Corresponding author

Correspondence to Chunlai Du.


Copyright information

© 2019 Springer Nature Switzerland AG

About this paper


Cite this paper

Du, C., Tan, X., Guo, Y. (2019). A Gray-Box Vulnerability Discovery Model Based on Path Coverage. In: Sun, X., Pan, Z., Bertino, E. (eds) Artificial Intelligence and Security. ICAIS 2019. Lecture Notes in Computer Science, vol 11635. Springer, Cham. https://doi.org/10.1007/978-3-030-24268-8_1


  • DOI: https://doi.org/10.1007/978-3-030-24268-8_1


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-24267-1

  • Online ISBN: 978-3-030-24268-8

  • eBook Packages: Computer Science (R0)
