Locating Vulnerability in Binaries Using Deep Neural Networks

Binary fault localization is important for vulnerability analysis, but many current techniques face problems in locating vulnerability accurately and effectively, especially for real-world programs. In this paper, we propose a novel gradient-guided vulnerability locating method named DeepVL, which leverages deep neural networks to diagnose the root cause of weakness in binaries and provide guidance information for further analysis. DeepVL collects sufficient amounts of crashed execution traces and normal execution traces as input of the constructed neural networks. Based on trained neural network, DeepVL calculates the gradient information for each basic block in traces and filter out the vulnerable basic blocks according to corresponding gradients. To demonstrate the applicability of DeepVL, we perform plenty of experiments on different datasets. According to the experimental results on Common Weakness Enumeration (CWE) dataset, DeepVL could locate different types of vulnerabilities accurately and effectively, with recall\text{@}10 reaching 96.9% and precision\text{@}10 reaching 70.1%. Additionally, the results on Cyber Grand Challenge (CGC) program and LibTIFF 4.0.10 show that DeepVL is capable of locating vulnerable basic blocks in large-scale programs. As a fault localization tool, DeepVL could greatly reduce the manual effort of finding vulnerabilities in binaries.