Vulnerability extrapolation: Assisted discovery of vulnerabilities using machine learning

5th USENIX Workshop on Offensive Technologies, WOOT 2011

Volumn , Issue , 2011, Pages

  Yamaguchi, Fabian ^a   Lindner, Felix ^a   Rieck, Konrad ^b  

^a Recurity Labs GmbH   (Germany)

^b TECHNISCHE UNIVERSITÄT BERLIN   (Germany)

Author keywords

[No Author keywords available]

Indexed keywords

APPLICATION PROGRAMMING INTERFACES (API); EXTRAPOLATION; SOFTWARE TESTING; VECTOR SPACES;

PROGRAM CODE; SECURE SYSTEM; SECURITY FLAWS; SOURCE CODES; USAGE PATTERNS; ZERO DAY VULNERABILITIES;

MACHINE LEARNING;

EID: 85084163318     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (38)

1. 2010-004 ffmpeg/libavcodec arbitrary offset dereference. Open Source Computer Emergency Response Team, http://www.ocert.org/advisories/ocert-2010-004.html, visited April, 2011.
2. Rough auditing tool for security. Fortify Software Inc., https://www.fortify.com/ssa-elements/threat-intelligence/rats.html, visited April, 2011.
3. T. Avgerinos, S. K. Cha, B. L. T. Hao, and D. Brumley. AEG: Automatic Exploit Generation. In Proc. of Network and Distributed System Security Symposium (NDSS), 2011.
4. M. Bailey, J. Oberheide, J. Andersen, Z. M. Mao, F. Jahanian, and J. Nazario. Automated Classification and Analysis of Internet Malware. In Recent Adances in Intrusion Detection (RAID), pages 178–197, 2007.
5. U. Bayer, P. Comparetti, C. Hlauschek, C. Kruegel, and E. Kirda. Scalable, behavior-based malware clustering. In Proc. of Network and Distributed System Security Symposium (NDSS), 2009.
6. J. Bloch. How to design a good API and why it matters. In Proc. of ACM SIGPLAN Symposium on Object-oriented Programming Systems, Languages, and Applications (OOPSLA), pages 506–507, 2006.
7. G. Cretu, A. Stavrou, M. Locasto, S. Stolfo, and A. Keromytis. Casting out demons: Sanitizing training data for anomaly sensors. In Proc. of IEEE Symposium on Security and Privacy, 2008.
8. S. Deerwester, S. Dumais, G. Furnas, T. Landauer, and R. Harshman. Indexing by latent semantic analysis. Journal of the American society for information science, 41(6):391–407, 1990.
9. R. Duda, P.E.Hart, and D.G.Stork. Pattern classification. John Wiley & Sons, second edition, 2001.
10. D. Engler, D. Y. Chen, S. Hallem, A. Chou, and B. Chelf. Bugs as deviant behavior: A general approach to inferring errors in systems code. In Proc. of ACM Symposium on Operating Systems Principles (SOSP), pages 57–72, 2001.
11. N. Falliere, L. O. Murchu,, and E. Chien. W32.stuxnet dossier. Symantec Corporation, 2011.
12. S. Forrest, S. Hofmeyr, A. Somayaji, and T. Longstaff. A sense of self for unix processes. In Proc. of IEEE Symposium on Security and Privacy, pages 120–128, Oakland, CA, USA, 1996.
13. C. Gates and C. Taylor. Challenging the anomaly detection paradigm: A provocative discussion. In Proc. of New Security Paradigms Workshop (NSPW), pages 21–29, 2006.
14. N. Jovanovic, C. Kruegel, and E. Kirda. Pixy: A static analysis tool for detecting web application vulnerabilities. In Proc. of IEEE Symposium on Security and Privacy, pages 6–263, 2006.
15. C. Kruegel and G. Vigna. Anomaly detection of web-based attacks. In Proc. of Conference on Computer and Communications Security (CCS), pages 251–261, 2003.
16. Z. Li and Y. Zhou. PR-Miner: automatically extracting implicit programming rules and detecting violations in large software code. In Proc. of European Software Engineering Conference (ESEC), pages 306–315, 2005.
17. B. Livshits and T. Zimmermann. Dynamine: finding common error patterns by mining software revision histories. In Proc. of the 10th European Software Engineering Conference (ESEC), pages 296–305, 2005.
18. V. B. Livshits and M. S. Lam. Finding security vulnerabilities in java applications with static analysis. In Proc. of USENIX Security Symposium, 2005.
19. D. Moore, C. Shannon, and J. Brown. Code-Red: a case study on the spread and victims of an internet worm. In Proc. of Internet Measurement Workshop (IMW), pages 273–284, 2002.
20. J. Newsome and D. Song. Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software. In Proc. of Network and Distributed System Security Symposium (NDSS), 2005.
21. J. Newsome, B. Karp, and D. Song. Paragraph: Thwarting signature learning by training maliciously. In Recent Adances in Intrusion Detection (RAID), pages 81–105, 2006.
22. R. Perdisci, D. Dagon, W. Lee, P. Fogla, and M. Sharif. Misleading worm signature generators using deliberate noise injection. In Proc. of IEEE Symposium on Security and Privacy, pages 17–31, 2006.
23. R. Perdisci, A. Lanzi, and W. Lee. McBoost: Boosting scalability in malware collection and analysis using statistical classification of executables. In Proc. of Annual Computer Security Applications Conference (ACSAC), pages 301–310, 2008.
24. N. Provos, D. McNamee, P. Mavrommatis, K. Wang, and N. Modadugu. The ghost in the browser: Analysis of web-based malware. In Proc. of USENIX Workshop on Hot Topics in Understanding Botnets (HotBots), 2007.
25. K. Rieck and P. Laskov. Linear-time computation of similarity measures for sequential data. Journal of Machine Learning Research, 9(Jan):23–48, 2008.
26. D. Rohde. SVDLIBC - Doug Rohde’s SVD C Library. http://tedlab.mit.edu/∼dr/SVDLIBC/, visited April, 2011.
27. G. Salton and M. J. McGill. Introduction to Modern Information Retrieval. McGraw-Hill, 1986.
28. G. Salton, A. Wong, and C. Yang. A vector space model for automatic indexing. Communications of the ACM, 18(11):613–620, 1975.
29. E. Schwartz, T. Avgerinos, and D. Brumley. All you ever wanted to know about dynamic taint analysis and forward symbolic execution (but might have been afraid to ask). In Proc. of IEEE Symposium on Security and Privacy, pages 317–331, 2010.
30. R. Sommer and V. Paxson. Outside the closed world: On using machine learning for network intrusion detection. In Proc. of IEEE Symposium on Security and Privacy, pages 305–316, 2010.
31. Y. Song, M. Locasto, A. Stavrou, A. D. Keromytis, and S. J. Stolfo. On the infeasibility of modeling polymorphic shellcode: Re-thinking the role of learning in intrusion detection systems. Machine Learning, 2009.
32. M. Sutton, A. Greene, and P. Amini. Fuzzing: Brute Force Vulnerability Discovery. Addison-Wesley Professional, 2007.
33. J. Viega, J. Bloch, Y. Kohno, and G. McGraw. ITS4: A static vulnerability scanner for C and C++ code. In Proc. of Annual Computer Security Applications Conference (ACSAC), pages 257–267, 2000.
34. T. Wang, T. Wei, Z. Lin, and W. Zou. IntScope: Automatically detecting integer overflow vulnerability in x86 binary using symbolic execution. In Proc. of Network and Distributed System Security Symposium (NDSS), 2009.
35. D. A. Wheeler. Flawfinder. http://www.dwheeler.com/flawfinder/, visited April, 2011.
36. C. C. Williams, J. K. Hollingsworth, and S. Member. Automatic mining of source code repositories to improve bug finding techniques. IEEE Transactions on Software Engineering, 31:466–480, 2005.
37. G. Wurster and P. Oorschot. The developer is the enemy. In Proc. of New Security Paradigms Workshop (NSPW), 2008.
38. F. Yamaguchi. Automated extraction of API usage patterns from source code for vulnerability identification. Diploma thesis, Technische Universität Berlin, 2011.