BVSNO: Binary Code Vulnerability Detection Based on Slice Semantic and Node Order

Abstract

The proliferation of code reuse and the prevalence of CPU architecture and compilation environment diversity inevitably lead to many similar cross-platform binary vulnerability codes. This paper designs a deep learning model based on slice semantic and node order to detect similarity vulnerabilities. Firstly, it traverses the program dependence graph (PDG) forward and backward from the library/API function node to generate the binary slice and then uses the bidirectional long short-term memory (BLSTM) network and attention mechanism to form the semantic feature vector of the binary slice. Secondly, it extracts the order information of the slice nodes in the PDG and forms the adjacency matrix, which is then fed into the convolutional neural network (CNN) to form the order feature vector. Finally, the semantic and order feature vector are fused and inputted into the siamese network for similarity vulnerability detection. The detection results show that our method can effectively detect vulnerability.