TY - JOUR
T1 - Recurrent Semantic Learning-Driven Fast Binary Vulnerability Detection in Healthcare Cyber Physical Systems
AU - Yi, Xiaoyu
AU - Wu, Jun
AU - Li, Gaolei
AU - Bashir, Ali Kashif
AU - Li, Jianhua
AU - Alzubi, Ahmad Ali
N1 - Publisher Copyright:
© 2013 IEEE.
PY - 2023/9/1
Y1 - 2023/9/1
N2 - Healthcare cyber physical systems (HCPS) always pursuing high availability allow software providers to adopt multiple kinds of development languages to reuse third-party program codes, while leading to the wide propagation of hidden software vulnerabilities. However, it is impossible to accurately trace execution paths and locate the key elements during the software execution process, which makes semantic features of vulnerabilities in the binary code can not bed extracted. This is the key support in automated vulnerability detection practices. To address these problems, a novel fast vulnerability detection mechanism based on recurrent semantic learning is proposed, which does not require high-level permissions to access the compiling process and traverse all execution paths. Firstly, a programframe is constructed to integrate software run-time logic and executing environment, detecting vulnerabilities from multi-programming language binary codes. Secondly, to achieve the powerful software execution context-awareness ability, a cascaded-LSTM recurrent neural network is designated to extract semantic features from binary files with vulnerabilities. Besides, we establish an experimental toolkit named an intelligent vulnerability detector (IntVD) to demonstrate the effectiveness of the proposed methods. Extensive and practical experiments validate that the vulnerability recognition accuracy on the HCPS software including VLC and LibTIFF can reach more than 95%.
AB - Healthcare cyber physical systems (HCPS) always pursuing high availability allow software providers to adopt multiple kinds of development languages to reuse third-party program codes, while leading to the wide propagation of hidden software vulnerabilities. However, it is impossible to accurately trace execution paths and locate the key elements during the software execution process, which makes semantic features of vulnerabilities in the binary code can not bed extracted. This is the key support in automated vulnerability detection practices. To address these problems, a novel fast vulnerability detection mechanism based on recurrent semantic learning is proposed, which does not require high-level permissions to access the compiling process and traverse all execution paths. Firstly, a programframe is constructed to integrate software run-time logic and executing environment, detecting vulnerabilities from multi-programming language binary codes. Secondly, to achieve the powerful software execution context-awareness ability, a cascaded-LSTM recurrent neural network is designated to extract semantic features from binary files with vulnerabilities. Besides, we establish an experimental toolkit named an intelligent vulnerability detector (IntVD) to demonstrate the effectiveness of the proposed methods. Extensive and practical experiments validate that the vulnerability recognition accuracy on the HCPS software including VLC and LibTIFF can reach more than 95%.
KW - Binary vulnerability detection
KW - Cascaded LSTM
KW - Healthcare cyber physical systems
KW - Recurrent semantic learning
UR - http://www.scopus.com/inward/record.url?scp=85136679777&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85136679777&partnerID=8YFLogxK
U2 - 10.1109/TNSE.2022.3199990
DO - 10.1109/TNSE.2022.3199990
M3 - Article
AN - SCOPUS:85136679777
SN - 2327-4697
VL - 10
SP - 2537
EP - 2550
JO - IEEE Transactions on Network Science and Engineering
JF - IEEE Transactions on Network Science and Engineering
IS - 5
ER -