Zhe Lang

ORCID: 0000-0002-9915-8312
Research Areas
  • Advanced Malware Detection Techniques
  • Software Engineering Research
  • Software Testing and Debugging Techniques
  • Web Data Mining and Analysis
  • Web Application Security Vulnerabilities
  • Software Reliability and Analysis Research
  • Security and Verification in Computing
  • Advanced Data Storage Technologies
  • Topic Modeling
  • Digital and Cyber Forensics

Institute of Information Engineering
2021-2024

University of Chinese Academy of Sciences
2021-2023

Chinese Academy of Sciences
2021-2022

Binary code similarity detection is a fundamental technique for many security applications such as vulnerability search, patch analysis, and malware detection. There is an increasing need to detect similar search across architectures with the increase of critical vulnerabilities in IoT devices. The variety hardware software platforms requires capture semantic equivalence fragments However, existing approaches are insufficient capturing similarity. We notice that abstract syntax tree (AST)...

10.1109/dsn48987.2021.00036 preprint EN 2021-06-01

Vulnerability is a major threat to software security. It has been proven that binary code similarity detection approaches are efficient search for recurring vulnerabilities introduced by sharing in software. However, these suffer from high false-positive rates (FPRs) since they usually take the patched functions as vulnerable, and do not work well when binaries compiled with different compilation settings. To this end, we propose an approach, named Robin, confirm filtering out functions....

10.1145/3604608 article EN ACM Transactions on Software Engineering and Methodology 2023-06-17

Third-party libraries (TPLs) are extensively utilized by developers to expedite the software development process and incorporate external functionalities. Nevertheless, insecure TPL reuse can lead significant security risks. Existing methods, which involve extracting strings or conducting function matching, employed determine presence of code in target binary. However, these methods often yield unsatisfactory results due recurrence numerous similar non-homologous functions. Furthermore,...

10.1145/3625294 article EN other-oa ACM Transactions on Software Engineering and Methodology 2023-09-26

Source code summarization is the task of generating a readable natural language to describe functionality source code. Code rapidly expanding, especially as research takes great advantage advances in neural networks and artificial intelligence technologies. Some mainstream methods input structural information (abstract syntax tree (AST)) into model generate relatively satisfactory comments. However, existing can not capture code's long dependencies from AST for effective summarization. In...

10.1109/smc52423.2021.9658619 article EN 2022 IEEE International Conference on Systems, Man, and Cybernetics (SMC) 2021-10-17

Binary function matching has been proposed to detect the known vulnerabilities. However, high similarity between vulnerable and patched versions leads a large of false positives. Patch detection is improve accuracy by identifying functions from results. existing methods decreases significantly due changes introduced compiler optimization levels. In this paper, we propose PMatch, method based on code semantic binary functions. Firstly, PMatch extracts patch-affected snippets function....

10.1109/ipccc51483.2021.9679443 article EN 2021-10-29

Third-party libraries (TPLs) are extensively utilized by developers to expedite the software development process and incorporate external functionalities. Nevertheless, insecure TPL reuse can lead significant security risks. Existing methods employed determine presence of code in target binary. methods, which involve extracting strings or conducting function matching, However, these often yield unsatisfactory results due recurrence numerous similar non-homologous functions. Additionally,...

10.48550/arxiv.2305.04026 preprint EN other-oa arXiv (Cornell University) 2023-01-01