Spotting Silent Buffer Overflows in Execution Trace through Graph Neural Network Assisted Data Flow Analysis

by   Zhilong Wang, et al.

A software vulnerability could be exploited without any visible symptoms. When no source code is available, although such silent program executions could cause very serious damage, the general problem of analyzing silent yet harmful executions is still an open problem. In this work, we propose a graph neural network (GNN) assisted data flow analysis method for spotting silent buffer overflows in execution traces. The new method combines a novel graph structure (denoted DFG+) beyond data-flow graphs, a tool to extract DFG+ from execution traces, and a modified Relational Graph Convolutional Network as the GNN model to be trained. The evaluation results show that a well-trained model can be used to analyze vulnerabilities in execution traces (of previously-unseen programs) without support of any source code. Our model achieves 94.39% accuracy on the test data and successfully locates 29 out of 30 real-world silent buffer overflow vulnerabilities. Leveraging deep learning, the proposed method is, to our best knowledge, the first general-purpose analysis method for silent buffer overflows. It is also the first method to spot silent buffer overflows in global variables, stack variables, or heap variables without crossing the boundary of allocated chunks.


page 1

page 2

page 3

page 4


MVD: Memory-Related Vulnerability Detection Based on Flow-Sensitive Graph Neural Networks

Memory-related vulnerabilities constitute severe threats to the security...

Learning to Execute Programs with Instruction Pointer Attention Graph Neural Networks

Graph neural networks (GNNs) have emerged as a powerful tool for learnin...

TEP-GNN: Accurate Execution Time Prediction of Functional Tests using Graph Neural Networks

Predicting the performance of production code prior to actually executin...

ReGVD: Revisiting Graph Neural Networks for Vulnerability Detection

Identifying vulnerabilities in the source code is essential to protect t...

A Hybrid Graph Neural Network Approach for Detecting PHP Vulnerabilities

This paper presents DeepTective, a deep learning approach to detect vuln...

Variable Record Table: A Run-time Solution for Mitigating Buffer Overflow Attack

We present a novel approach to mitigate buffer overflow attack using Var...

GraphEye: A Novel Solution for Detecting Vulnerable Functions Based on Graph Attention Network

With the continuous extension of the Industrial Internet, cyber incident...