Instruction2vec: Efficient Preprocessor of Assembly Code to Detect Software Weakness with CNN

Potential software weakness, which can lead to exploitable security vulnerabilities, continues to pose a risk to computer systems. According to Common Vulnerability and Exposures, 14,714 vulnerabilities were reported in 2017, more than twice the number reported in 2016. Automated vulnerability detec...

Full description

Saved in:
Bibliographic Details
Published inApplied sciences Vol. 9; no. 19; p. 4086
Main Authors Lee, Yongjun, Kwon, Hyun, Choi, Sang-Hoon, Lim, Seung-Ho, Baek, Sung Hoon, Park, Ki-Woong
Format Journal Article
LanguageEnglish
Published Basel MDPI AG 01.10.2019
Subjects
Algorithms
binary analysis
Classification
Computer programs
convolutional neural network
Datasets
Deep learning
Enumeration
Language
Machine learning
Neural networks
Security
Software
Software testing
software weakness
Vulnerability
word2vec
Online AccessGet full text

Cover

More Information
Summary:Potential software weakness, which can lead to exploitable security vulnerabilities, continues to pose a risk to computer systems. According to Common Vulnerability and Exposures, 14,714 vulnerabilities were reported in 2017, more than twice the number reported in 2016. Automated vulnerability detection was recommended to efficiently detect vulnerabilities. Among detection techniques, static binary analysis detects software weakness based on existing patterns. In addition, it is based on existing patterns or rules, making it difficult to add and patch new rules whenever an unknown vulnerability is encountered. To overcome this limitation, we propose a new method—Instruction2vec—an improved static binary analysis technique using machine. Our framework consists of two steps: (1) it models assembly code efficiently using Instruction2vec, based on Word2vec; and (2) it learns the features of software weakness code using the feature extraction of Text-CNN without creating patterns or rules and detects new software weakness. We compared the preprocessing performance of three frameworks—Instruction2vec, Word2vec, and Binary2img—to assess the efficiency of Instruction2vec. We used the Juliet Test Suite, particularly the part related to Common Weakness Enumeration(CWE)-121, for training and Securely Taking On New Executable Software of Uncertain Provenance (STONESOUP) for testing. Experimental results show that the proposed scheme can detect software vulnerabilities with an accuracy of 91% of the assembly code.
ISSN:2076-3417
2076-3417
DOI:10.3390/app9194086