PS$^3$: Precise Patch Presence Test based on Semantic Symbolic Signature

• URL: http://arxiv.org/abs/2312.03393v4
• Date: Fri, 12 Jan 2024 05:18:22 GMT
• Title: PS$^3$: Precise Patch Presence Test based on Semantic Symbolic Signature
• Authors: Qi Zhan, Xing Hu, Zhiyang Li, Xin Xia, David Lo, and Shanping Li
• Abstract summary: Existing approaches mainly focus on detecting patches that are compiled in the same compiler options. PS3 exploits symbolic emulation to extract signatures that are stable under different compiler options. PS3 achieves scores of 0.82, 0.97, and 0.89 in terms of precision, recall, and F1 score.
• Score: 13.9637348151437
• License: http://creativecommons.org/licenses/by/4.0/
• Abstract: During software development, vulnerabilities have posed a significant threat to users. Patches are the most effective way to combat vulnerabilities. In a large-scale software system, testing the presence of a security patch in every affected binary is crucial to ensure system security. Identifying whether a binary has been patched for a known vulnerability is challenging, as there may only be small differences between patched and vulnerable versions. Existing approaches mainly focus on detecting patches that are compiled in the same compiler options. However, it is common for developers to compile programs with very different compiler options in different situations, which causes inaccuracy for existing methods. In this paper, we propose a new approach named PS3, referring to precise patch presence test based on semantic-level symbolic signature. PS3 exploits symbolic emulation to extract signatures that are stable under different compiler options. Then PS3 can precisely test the presence of the patch by comparing the signatures between the reference and the target at semantic level. To evaluate the effectiveness of our approach, we constructed a dataset consisting of 3,631 (CVE, binary) pairs of 62 recent CVEs in four C/C++ projects. The experimental results show that PS3 achieves scores of 0.82, 0.97, and 0.89 in terms of precision, recall, and F1 score, respectively. PS3 outperforms the state-of-the-art baselines by improving 33% in terms of F1 score and remains stable in different compiler options.

Related papers

• ReF Decompile: Relabeling and Function Call Enhanced Decompile [50.86228893636785]
  The goal of decompilation is to convert compiled low-level code (e.g., assembly code) back into high-level programming languages. This task supports various reverse engineering applications, such as vulnerability identification, malware analysis, and legacy software migration.
  arXiv  Detail & Related papers  (2025-02-17T12:38:57Z)
• Fine-Grained 1-Day Vulnerability Detection in Binaries via Patch Code Localization [12.73365645156957]
  1-day vulnerabilities in binaries have become a major threat to software security. patch presence test is one of the effective ways to detect the vulnerability. We propose a novel approach named PLocator, which leverages stable values from both the patch code and its context.
  arXiv  Detail & Related papers  (2025-01-29T04:35:37Z)
• SoftPatch+: Fully Unsupervised Anomaly Classification and Segmentation [84.07909405887696]
  This paper is the first to consider fully unsupervised industrial anomaly detection (i.e., unsupervised AD with noisy data) We propose memory-based unsupervised AD methods, SoftPatch and SoftPatch+, which efficiently denoise the data at the patch level. Compared with existing methods, SoftPatch maintains a strong modeling ability of normal data and alleviates the overconfidence problem in coreset. Comprehensive experiments conducted in diverse noise scenarios demonstrate that both SoftPatch and SoftPatch+ outperform the state-of-the-art AD methods on the MVTecAD, ViSA, and BTAD benchmarks.
  arXiv  Detail & Related papers  (2024-12-30T11:16:49Z)
• PatchFinder: A Two-Phase Approach to Security Patch Tracing for Disclosed Vulnerabilities in Open-Source Software [15.867607171943698]
  We propose a two-phase framework with end-to-end correlation learning for better-tracing security patches. PatchFinder achieves a Recall@10 of 80.63% and a Mean Reciprocal Rank (MRR) of 0.7951. When applying PatchFinder in practice, we initially identified 533 patch commits and submitted them to the official, 482 of which have been confirmed by CVE Numbering Authorities.
  arXiv  Detail & Related papers  (2024-07-24T07:46:24Z)
• JailbreakBench: An Open Robustness Benchmark for Jailbreaking Large Language Models [123.66104233291065]
  Jailbreak attacks cause large language models (LLMs) to generate harmful, unethical, or otherwise objectionable content. evaluating these attacks presents a number of challenges, which the current collection of benchmarks and evaluation techniques do not adequately address. JailbreakBench is an open-sourced benchmark with the following components.
  arXiv  Detail & Related papers  (2024-03-28T02:44:02Z)
• Game Rewards Vulnerabilities: Software Vulnerability Detection with Zero-Sum Game and Prototype Learning [17.787508315322906]
  We propose a software vulneRability dEteCtion framework with zerO-sum game and prototype learNing, named RECON. We show that RECON outperforms the state-of-the-art baseline by 6.29% in F1 score.
  arXiv  Detail & Related papers  (2024-01-16T05:50:42Z)
• PPT4J: Patch Presence Test for Java Binaries [15.297767260561491]
  The number of vulnerabilities reported in open source software has increased substantially in recent years. The ability to test whether a patch is applied to the target binary, a.k.a. patch presence test, is crucial for practitioners. We propose a new patch presence test framework named PPT4J ($textbfP$atch $textbfP$resence $textbfT$est $textbffor$ $textbfJ$ava Binaries).
  arXiv  Detail & Related papers  (2023-12-18T08:28:13Z)
• BinGo: Identifying Security Patches in Binary Code with Graph Representation Learning [19.22004583230725]
  We propose BinGo, a new security patch detection system for binary code. BinGo consists of four phases, namely, patch data pre-processing, graph extraction, embedding generation, and graph representation learning. Our experimental results show BinGo can achieve up to 80.77% accuracy in identifying security patches between two neighboring versions of binary code.
  arXiv  Detail & Related papers  (2023-12-13T06:35:39Z)
• Segment and Complete: Defending Object Detectors against Adversarial Patch Attacks with Robust Patch Detection [142.24869736769432]
  Adversarial patch attacks pose a serious threat to state-of-the-art object detectors. We propose Segment and Complete defense (SAC), a framework for defending object detectors against patch attacks. We show SAC can significantly reduce the targeted attack success rate of physical patch attacks.
  arXiv  Detail & Related papers  (2021-12-08T19:18:48Z)
• Robust Encodings: A Framework for Combating Adversarial Typos [85.70270979772388]
  NLP systems are easily fooled by small perturbations of inputs. Existing procedures to defend against such perturbations provide guaranteed robustness to worst-case attacks. We introduce robust encodings (RobEn) that confer guaranteed robustness without making compromises on model architecture.
  arXiv  Detail & Related papers  (2020-05-04T01:28:18Z)
• (De)Randomized Smoothing for Certifiable Defense against Patch Attacks [136.79415677706612]
  We introduce a certifiable defense against patch attacks that guarantees for a given image and patch attack size. Our method is related to the broad class of randomized smoothing robustness schemes. Our results effectively establish a new state-of-the-art of certifiable defense against patch attacks on CIFAR-10 and ImageNet.
  arXiv  Detail & Related papers  (2020-02-25T08:39:46Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.