A Vulnerability Detection System Based on Fusion of Assembly Code and Source Code

2021, Vol 2021, pp. 1-11
Author(s): Xingzheng Li, Bingwen Feng, Guofeng Li, Tong Li, Mingjin He

Software vulnerabilities are one of the important reasons for network intrusion. It is vital to detect and fix vulnerabilities in a timely manner. Existing vulnerability detection methods usually rely on single code models, which may miss some vulnerabilities. This paper implements a vulnerability detection system by combining source code and assembly code models. First, code slices are extracted from the source code and assembly code. Second, these slices are aligned by the proposed code alignment algorithm. Third, the aligned code slices are converted into vectors and fed into a hyper fusion-based deep learning model. Experiments are carried out to verify the system. The results show that the system presents a stable and convergent detection performance.

2020, Vol 10 (5), pp. 1692
Author(s): Xin Li, Lu Wang, Yang Xin, Yixian Yang, Yuling Chen

Vulnerability is one of the root causes of network intrusion. An effective way to mitigate security threats is to discover and patch vulnerabilities before an attack. Traditional vulnerability detection methods rely on manual participation and incur a high false positive rate. The intelligent vulnerability detection methods suffer from the problems of long-term dependence, out of vocabulary, coarse detection granularity and lack of vulnerable samples. This paper proposes an automated and intelligent vulnerability detection method in source code based on the minimum intermediate representation learning. First, the sample in the form of source code is transformed into a minimum intermediate representation to exclude the irrelevant items and reduce the length of the dependency. Next, the intermediate representation is transformed into a real value vector through pre-training on an extended corpus, and the structure and semantic information are retained. Then, the vector is fed to three concatenated convolutional neural networks to obtain high-level features of vulnerability. Last, a classifier is trained using the learned features. To validate this vulnerability detection method, an experiment was performed. The empirical results confirmed that compared with the traditional methods and the state-of-the-art intelligent methods, our method has a better performance with fine granularity.


2019, Vol 9 (19), pp. 4086
Author(s): Yongjun Lee, Hyun Kwon, Sang-Hoon Choi, Seung-Ho Lim, Sung Hoon Baek, ...

Potential software weakness, which can lead to exploitable security vulnerabilities, continues to pose a risk to computer systems. According to Common Vulnerability and Exposures, 14,714 vulnerabilities were reported in 2017, more than twice the number reported in 2016. Automated vulnerability detection was recommended to efficiently detect vulnerabilities. Among detection techniques, static binary analysis detects software weakness based on existing patterns. In addition, it is based on existing patterns or rules, making it difficult to add and patch new rules whenever an unknown vulnerability is encountered. To overcome this limitation, we propose a new method—Instruction2vec—an improved static binary analysis technique using machine. Our framework consists of two steps: (1) it models assembly code efficiently using Instruction2vec, based on Word2vec; and (2) it learns the features of software weakness code using the feature extraction of Text-CNN without creating patterns or rules and detects new software weakness. We compared the preprocessing performance of three frameworks—Instruction2vec, Word2vec, and Binary2img—to assess the efficiency of Instruction2vec. We used the Juliet Test Suite, particularly the part related to Common Weakness Enumeration (CWE)-121, for training and Securely Taking On New Executable Software of Uncertain Provenance (STONESOUP) for testing. Experimental results show that the proposed scheme can detect software vulnerabilities with an accuracy of 91% of the assembly code.


2021, Vol 40 (1), pp. 1585-1596
Author(s): Xiao Zhongzheng, Nurbol Luktarhan

A webshell is a common tool for network intrusion. It has the characteristics of considerable threat and good concealment. An attacker obtains the management authority of web services through the webshell to penetrate and control web applications smoothly. Because webshell and common web page features are almost identical, it can evade detection by traditional firewalls and anti-virus software. Moreover, with the application of various anti-detection feature hiding techniques to the webshell, it is difficult to detect new patterns in time based on the traditional signature matching method. Webshell detection has been proposed based on deep learning. First, a dataset is opcoded, and the source code and opcode code features are fused. Second, the processed dataset is reduced using the SRNN and an attention mechanism, and the capsule network improves complete predictions for unknown pages. Experiments prove that the algorithm has higher detection efficiency and accuracy than traditional webshell detection methods, and it can also detect new types of webshell with a certain probability.


2022, Vol 16 (1), pp. 0-0

An autoencoder has the potential to overcome the limitations of current intrusion detection methods by recognizing benign user activity rather than differentiating between benign and malicious activity. However, the line separating them is quite blurry with a significant overlap. The first part of this study aims to investigate the rationale behind this overlap. The results suggest that although a subset of traffic cannot be separated without labels, timestamps have the potential to be leveraged for identification of activity that does not conform to the normal or expected behavior of the network. The second part aims to eliminate dependence on visual-inspections by exploring automation. The trend of errors for HTTP traffic was modeled chronologically using resampled data and moving averages. This model successfully identified attacks that had orchestrated over HTTP within their respective time slots. These results support the hypothesis that it is technically feasible to build an anomaly-based intrusion detection system where each individual observation need not be categorized.


Sensors, 2020, Vol 20 (20), pp. 5731
Author(s): Xiu-Zhi Chen, Chieh-Min Chang, Chao-Wei Yu, Yen-Lin Chen

Numerous vehicle detection methods have been proposed to obtain trustworthy traffic data for the development of intelligent traffic systems. Most of these methods perform sufficiently well under common scenarios, such as sunny or cloudy days; however, the detection accuracy drastically decreases under various bad weather conditions, such as rainy days or days with glare, which normally happens during sunset. This study proposes a vehicle detection system with a visibility complementation module that improves detection accuracy under various bad weather conditions. Furthermore, the proposed system can be implemented without retraining the deep learning models for object detection under different weather conditions. The complementation of the visibility was obtained through the use of a dark channel prior and a convolutional encoder–decoder deep learning network with dual residual blocks to resolve different effects from different bad weather conditions. We validated our system on multiple surveillance videos by detecting vehicles with the You Only Look Once (YOLOv3) deep learning model and demonstrated that the computational time of our system could reach 30 fps on average; moreover, the accuracy increased not only by nearly 5% under low-contrast scene conditions but also 50% under rainy scene conditions. The results of our demonstrations indicate that our approach is able to detect vehicles under various bad weather conditions without the need to retrain a new model.


2012, Vol 490-495, pp. 2657-2661
Author(s): Ping Xie, Wei Wang

In this paper, current intrusion detection systems are analyzed through a full study of domestic and foreign development trends. Based on the structural characteristic that a campus network can be divided into functionally independent subnets, and taking full advantage of agent technology in intrusion detection systems, we analyze and compare agent technology and a variety of detection methods, analyze existing distributed intrusion detection systems, and propose a multi-agent intrusion detection model framework with a monitoring and management center. This model uses a distributed architecture that combines network-based and host-based intrusion detection methods.


2021, Vol 30 (2), pp. 1-31
Author(s): Deqing Zou, Yawei Zhu, Shouhuai Xu, Zhen Li, Hai Jin, ...

Detecting software vulnerabilities is an important problem and a recent development in tackling the problem is the use of deep learning models to detect software vulnerabilities. While effective, it is hard to explain why a deep learning model predicts a piece of code as vulnerable or not because of the black-box nature of deep learning models. Indeed, the interpretability of deep learning models is a daunting open problem. In this article, we make a significant step toward tackling the interpretability of deep learning model in vulnerability detection. Specifically, we introduce a high-fidelity explanation framework, which aims to identify a small number of tokens that make significant contributions to a detector’s prediction with respect to an example. Systematic experiments show that the framework indeed has a higher fidelity than existing methods, especially when features are not independent of each other (which often occurs in the real world). In particular, the framework can produce some vulnerability rules that can be understood by domain experts for accepting a detector’s outputs (i.e., true positives) or rejecting a detector’s outputs (i.e., false-positives and false-negatives). We also discuss limitations of the present study, which indicate interesting open problems for future research.


Author(s): Mohammed Abdulhammed Al-Shabi

Recent years have witnessed a tremendous development in various scientific and industrial fields. As a result, different types of networks that are vulnerable to intrusion have been widely introduced. In view of this, numerous studies have been devoted to detecting all types of intrusion and protecting networks from these penetrations. In this paper, a novel network intrusion detection system has been designed to detect cyber-attacks using complex deep neuronal networks. The developed system is trained and tested on the standard dataset KDDCUP99 using the PyCharm program. Compared with existing intrusion detection methods based on similar deep neuronal networks and traditional machine learning algorithms, the proposed detection system achieves better results in terms of detection accuracy.


2020
Author(s): afdhal

ABSTRACT: Current network intrusion detection systems are generally able to detect various types of attacks but are unable to take further action. In addition, the current system does not have interactivity with the administrator when the administrator is not administering the system. This is ineffective, especially when the system is in critical condition. This research designs and implements a network intrusion detection system that has the ability to detect suspicious network activity and take further countermeasures. The progress of internet technology increases the need for data security. The progress of tools that have intrusion ability also influences this need. The methods of Intrusion Detection System (IDS) implementation and the methods of intrusion analysis have strengths and weaknesses, which complement each other. There are a lot of IDSs now, but the only open-source-based IDS is Snort. Snort's implementation method is restricted to network-based detection. This Final Task's system uses a Hybrid Intrusion Detection System with signature and anomaly detection methods. The indicators used to detect intrusion are IP address and port number. The system uses the TCP, UDP and ICMP protocols. The system is also complemented by active response, such as blocking access for the intruder. The system is implemented in the Java programming language for the engine and Java Server Pages (JSP) for the user interface; the database used is MySQL. There are two development tests: a link system test and an intrusion test. The link system test shows the connection of each interface. The intrusion test is executed with host detection, using DoS HTTP tools, and network detection, using Ping of Death scripts. The intrusion testing conclusions are that intrusions can be detected and analyzed and an active response taken.

