March 3, 2021

SpywareNews.com

Spotting Silent Buffer Overflows in Execution Trace through Graph Neural Network Assisted Data Flow Analysis. (arXiv:2102.10452v1 [cs.CR])

A software vulnerability could be exploited without any visible symptoms.
Such silent program executions could cause very serious damage, yet when no
source code is available, the general problem of analyzing silent yet harmful
executions is still an open problem. In this work, we propose a graph neural
network (GNN) assisted data flow analysis method for spotting silent buffer
overflows in execution traces. The new method combines a novel graph structure
(denoted DFG+) beyond data-flow graphs, a tool to extract DFG+ from
execution traces, and a modified Relational Graph Convolutional Network as the
GNN model to be trained. The evaluation results show that a well-trained model
can be used to analyze vulnerabilities in execution traces (of
previously-unseen programs) without support of any source code. Our model
achieves 94.39% accuracy on the test data and successfully locates 29 out of
30 real-world silent buffer overflow vulnerabilities. Leveraging deep learning,
the proposed method is, to the best of our knowledge, the first general-purpose
analysis method for silent buffer overflows. It is also the first method to
spot silent buffer overflows in global variables, stack variables, or heap
variables without crossing the boundary of allocated chunks.
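
What an overflow "without crossing the boundary of allocated chunks" looks like in practice, as an added example that is not code from the paper: one field overruns its neighbour inside a single heap chunk, the call reports success, and nothing outside the chunk is touched. The `record` layout, the function names and the input are constructed for illustration; the unchecked write goes through a byte pointer to the whole object so the demonstration stays well-defined C.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NAME_LEN 8

/* Constructed record: name and quota live in the same heap chunk. */
struct record {
    char     name[NAME_LEN];
    unsigned quota;
};

/* Models the bug: trusts n, so bytes past name land in quota. */
static int set_name_unchecked(struct record *r, const char *src, size_t n)
{
    unsigned char *dst = (unsigned char *)r + offsetof(struct record, name);
    for (size_t i = 0; i < n; i++)
        dst[i] = (unsigned char)src[i];
    return 0;                       /* reports success: the overflow is silent */
}

/* Hardened form: rejects input that does not fit the field. */
static int set_name_checked(struct record *r, const char *src, size_t n)
{
    if (n > sizeof r->name)
        return -1;
    memcpy(r->name, src, n);
    return 0;
}

/* Applies a setter to a fresh record (quota = 10) with an input exactly
 * sizeof(struct record) bytes long; returns the resulting quota. */
static unsigned run_case(int (*set)(struct record *, const char *, size_t), int *rc)
{
    char input[sizeof(struct record)];
    memset(input, 0xFF, sizeof input);  /* tail bytes that spill past name */
    memset(input, 'A', NAME_LEN);       /* bytes that fit in name */

    struct record *r = calloc(1, sizeof *r);
    if (r == NULL) { *rc = -2; return 0; }
    r->quota = 10;
    *rc = set(r, input, sizeof input);
    unsigned q = r->quota;
    free(r);
    return q;
}
```

Because every written byte stays inside the chunk returned by `calloc`, checks that guard chunk boundaries have nothing to flag; only the change in `quota` reveals the corruption.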