Institutional Repository
| autodunt: dynamic latent dependence analysis for detection of zero day vulnerability | |
| Chen Kai; Lian Yifeng; Zhang Yingjun | |
| 2012 | |
| Conference Name | 14th International Conference on Information Security and Cryptology, ICISC 2011 |
| Source | Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) |
| Pages | 140-154 |
| Conference Date | November 30, 2011 - December 2, 2011 |
| Conference Place | Seoul, Korea, Republic of |
| Indexed Type | EI |
| ISSN | 0302-9743 |
| ISBN | 9783642319112 |
| Department | (1) Institute of Software Chinese Academy of Sciences Beijing 100190 China; (2) National Engineering Research Center for Information Security Beijing 100190 China |
| English Abstract | Zero day vulnerabilities have played an important role in cyber security. Since they are unknown to the public and patches are not available, hackers can use them to attack effectively. Detecting software vulnerabilities and making patches could protect hosts from attacks that use these vulnerabilities. But this method cannot prevent all vulnerabilities. Some methods such as address space randomization could defend against vulnerabilities, but they cannot find them in software to help software vendors to generate patches for other hosts. In this paper, we design and develop a proof-of-concept prototype called AutoDunt (AUTOmatical zero Day vUlNerability deTector), which can detect vulnerable codes in software by analyzing attacks directly in virtual surroundings. It does not need any source codes or care about polymorphic/metamorphic shellcode (even no shellcode). We present a new kind of dependence between variables called latent dependence and use it to save necessary states for virtual surrounding replaying. In this way, AutoDunt does not need to use slicing or taint analysis method to find the vulnerable code in software, which saves managing time. We verify the effectiveness and evaluate the efficiency of AutoDunt by testing 81 real exploits and 7 popular applications at the end of this paper. © 2012 Springer-Verlag.; Zero day vulnerabilities have played an important role in cyber security. Since they are unknown to the public and patches are not available, hackers can use them to attack effectively. Detecting software vulnerabilities and making patches could protect hosts from attacks that use these vulnerabilities. But this method cannot prevent all vulnerabilities. Some methods such as address space randomization could defend against vulnerabilities, but they cannot find them in software to help software vendors to generate patches for other hosts. In this paper, we design and develop a proof-of-concept prototype called AutoDunt (AUTOmatical zero Day vUlNerability deTector), which can detect vulnerable codes in software by analyzing attacks directly in virtual surroundings. It does not need any source codes or care about polymorphic/metamorphic shellcode (even no shellcode). We present a new kind of dependence between variables called latent dependence and use it to save necessary states for virtual surrounding replaying. In this way, AutoDunt does not need to use slicing or taint analysis method to find the vulnerable code in software, which saves managing time. We verify the effectiveness and evaluate the efficiency of AutoDunt by testing 81 real exploits and 7 popular applications at the end of this paper. © 2012 Springer-Verlag. |
| Keyword | Cryptography Personal Computing |
| Sponsorship | National Security Research Institute (NSRI); Electronics and Telecommunications Research Institute (ETRI); Korea Internet and Security Agency (KISA); Ministry of Public Administration and Security (MOPAS) |
| Language | 英语 |
| Content Type | 会议论文 |
| URI | http://ir.iscas.ac.cn/handle/311060/15777 |
| Collection | 中国科学院软件研究所 |
| Recommended Citation GB/T 7714 | Chen Kai,Lian Yifeng,Zhang Yingjun. autodunt: dynamic latent dependence analysis for detection of zero day vulnerability[C],2012:140-154. |
| Files in This Item: | There are no files associated with this item. | |||||
Items in the repository are protected by copyright, with all rights reserved, unless otherwise indicated.
Edit Comment