Survey of Intelligent Vulnerability Mining and Cyberspace Threat Detection

Abstract

Abstract: At present, the threat of cyberspace is becoming more and more serious. A large number of studies have focused on cyberspace security defense techniques and systems. Vulnerability mining technique can be applied to detect and repair vulnerabilities in time before the occurrence of network attacks, reducing the risk of intrusion; while threat detection technique can be applied to threat detection during and after network attacks occur, which can detect threats in a timely manner and respond to them, reducing the harm and loss caused by intrusion. This paper analyzed and summarized the research on vulnerability mining and cyberspace threat detection based on intelligent methods. In the aspect of intelligent vulnerability mining, the current research progress is summarized from several application classifications combined with artificial intelligence technique, namely vulnerability patch identification, vulnerability prediction, code comparison and fuzz testing. In the aspect of cyberspace threat detection, the current research progress is summarized from the classification of information carriers involved in threat detection based on network traffic, host data, malicious files, and network threat intelligence.

Key words: Artificial Intelligence, cyberspace security, network attack, threat detection technology, vulnerability mining, threat detection technology

摘要： 当前网络空间面临的威胁日益严重，大量研究关注网络空间安全防御技术及体系，其中漏洞挖掘技术可以应用于网络攻击发生前及时发现漏洞并修补，降低被入侵的风险，而威胁发现技术可以应用于网络攻击发生时及发生后的威胁检测，进而及时发现威胁并响应处置，降低入侵造成的危害和损失.分析并总结了基于智能方法进行漏洞挖掘与网络空间威胁发现的研究.其中，在智能化漏洞挖掘方面，从结合人工智能技术的漏洞补丁识别、漏洞预测、代码比对和模糊测试等几个应用分类方面总结了当前研究进展；在网络空间威胁发现方面，从基于网络流量、主机数据、恶意文件、网络威胁情报等威胁发现涉及的信息载体分类方面总结了当前研究进展.

关键词: 人工智能, 网络空间安全, 网络攻击, 威胁发现技术, 漏洞挖掘, 威胁发现技术

CLC Number:

TP183

刘宝旭, 李昊, 孙钰杰, 董放明, 孙天琦, 陈潇, . 智能化漏洞挖掘与网络空间威胁发现综述[J]. 信息安全研究, 2023, 9(10): 932-.

References

［1］Langner R. Stuxnet: Dissecting a cyberwarfare weapon［J］. IEEE Security & Privacy, 2011, 9(3): 4951［2］Whitehead D E, Owens K, Gammel D, et al. Ukraine cyberinduced power outage: Analysis and practical mitigation strategies［C］ Proc of the 70th Annual Conf for Protective Relay Engineers (CPRE). Piscataway, NJ: IEEE, 2017: 18 ［3］Peisert S, Schneier B, Okhravi H, et al. Perspectives on the solarwinds incident［J］. IEEE Security & Privacy, 2021, 19(2): 713［4］韩雪莹王泽辉, 刘润时,等. 高级持续性威胁检测技术研究综述［JOL］. 信息安全学报［20230905］. https:jcs.iie.ac.cnxxaqxbchreaderview_abstract.aspx?flag=2&file_no=202203020000001&journal_id=xxaqxb［5］GARTNER. Gartner［ROL］. 2023 ［20230905］. https:www.gartner.comcn［6］Zhou Y, Sharma A. Automated identification of security issues from commit messages and bug reports［C］ Proc of the 11th Joint Meeting on Foundations of Software Engineering. New York: ACM, 2017: 914919［7］Perl H, Dechand S, Smith M, et al. Vccfinder: Finding potential vulnerabilities in opensourceprojects to assist code audits［C］ Proc of the 22nd ACM SIGSAC Conf on Computer and Communications Security. New York: ACM, 2015: 426437［8］Wang X, Wang S, Feng P, et al. PatchRNN: A deep learningbased system for security patch identification［C］ Proc of MILCOM 2021—2021 IEEE Military Communications Conf (MILCOM). Piscataway, NJ: IEEE, 2021: 595600 ［9］Wu B, Liu S, Feng R, et al. Enhancing security patch identification by capturing structures in commits［J］. IEEE Trans on Dependable and Secure Computing, 2022, 20(2): 115［10］Zhou J, Pacheco M, Wan Z, et al. Finding a needle in a haystack: Automated mining of silent vulnerability fixes［C］ Proc of the 36th IEEEACM Int Conf on Automated Software Engineering (ASE). Piscataway, NJ: IEEE, 2021: 705716［11］Steenhoek B, Le W, Gao H. DeepDFA: Dataflow analysisguided efficient graph learning for vulnerability detection ［JOL］. CoRR, 2022 ［20230905］. https:arxiv.orgpdf2212.08108.pdf［12］Luo Z, Wang P, Wang B, et al. VulHawk: Crossarchitecture vulnerability detection with entropybased binary code search［COL］ Proc of Network Distributed System Security Symposium. 2023 ［20230905］. https:www.ndsssymposium.orgwpcontentuploads202302/ndss2023_f415_paper.pdf［13］Mamede C, Pinconschi E, Abreu R, et al. Exploring transformers for multilabel classification of Java vulnerabilities［C］ Proc of the 22nd IEEE Int Conf on Software Quality, Reliability and Security (QRS). Piscataway, NJ: IEEE, 2022: 4352［14］Zhu X, Chen W, Zheng W, et al. Gemini: A computationcentric distributed graph processing system［C］ Proc of the 12th USENIX Symp on Operating Systems Design and Implementation (OSDI 16). Berkeley, CA: USENIX Association, 2016: 301316［15］Wang H, Qu W, Katz G, et al. Jtrans: Jumpaware transformer for binary code similarity detection［C］ Proc of the 31st ACM SIGSOFT Int Symp on Software Testing and Analysis. New York: ACM, 2022: 113［16］Godefroid P, Peleg H, Singh R. Learn&fuzz: Machine learning for input fuzzing［C］ Proc of the 32nd IEEEACM Int Conf on Automated Software Engineering (ASE). Piscataway, NJ: IEEE, 2017: 5059［17］She D, Pei K, Epstein D, et al. Neuzz: Efficient fuzzing with neural program smoothing［C］ Proc of 2019 IEEE Symp on Security and Privacy (SP). Piscataway, NJ: IEEE, 2019: 803817［18］She D, Krishna R, Yan L, et al. MTFuzz: Fuzzing with a multitask neural network［C］ Proc of the 28th ACM Joint Meeting on European Software Engineering Conf and Symp on the Foundations of Software Engineering. New York: ACM, 2020: 737749［19］Chen Y, Ahmadi M, Wang B, et al. Meuzz: Smart seed scheduling for hybrid fuzzing［C］ Proc of the 23rd Int Symp on Research in Attacks, Intrusions and Defenses (RAID). Berkeley, CA: USENIX Association, 2020: 7792［20］Li X, Liu X, Chen L, et al. FuzzBoost: Reinforcement Compiler Fuzzing［C］ Proc of Int Conf on Information and Communications Security. Berlin: Springer, 2022: 359375［21］Lee M, Cha S, Oh H. Learning seedadaptive mutation strategies for greybox fuzzing［C］ Proc of the 45th IEEEACM Int Conf on Software Engineering (ICSE). Piscataway, NJ: IEEE, 2023: 384396［22］Wang X, Hu C, Ma R, et al. LAFuzz: Neural network for efficient fuzzing［C］ Proc of the 32nd IEEE Int Conf on Tools with Artificial Intelligence (ICTAI). Piscataway, NJ: IEEE, 2020: 603611［23］Liu X, Li X, Prajapati R, et al. Deepfuzz: Automatic generation of syntax valid c programs for fuzz testing［C］ Proc of the AAAI Conf on Artificial Intelligence. Menlo Park, CA: AAAI Press, 2019: 10441051［24］Hu Z, Shi J, Huang Y H, et al. GANFuzz: A GANbased industrial network protocol fuzzing framework［C］ Proc of the 15th ACM Int Conf on Computing Frontiers.New York: ACM, 2018: 138145［25］冷涛, 蔡利君, 于爱民, 等. 基于系统溯源图的威胁发现与取证分析综述［J］. 通信学报, 2022, 43(7): 172188［26］徐嘉涔, 王轶骏, 薛质. 网络空间威胁狩猎的研究综述［J］. 通信技术, 2020, 53(1): 18［27］Yang C. Anomaly network traffic detection algorithm based on information entropy measurement under the cloud computing environment［J］. Cluster Computing, 2019, 22(4): 83098317［28］Dong C, Lu Z, Cui Z, et al. MBTree: Detecting encryption RATs communication using malicious behavior tree［J］. IEEE Trans on Information Forensics and Security, 2021, 16: 35893603［29］Zhang J, Yang L, Yu S, et al. A DNS tunneling detection method based on deep learning models to prevent data exfiltration［C］ Proc of the 13th Int Conf on Network and System Security. Berlin: Springer, 2019: 520535［30］Ilgun K. USTAT: A realtime intrusion detection system for UNIX［C］ Proc of 1993 IEEE Computer Society Symp on Research in Security and Privacy. Piscataway, NJ: IEEE, 1993: 1628［31］Yang L, Chen J, Wang Z, et al. Semisupervised logbased anomaly detection via probabilistic label estimation［C］ Proc of the 43rd IEEEACM Int Conf on Software Engineering (ICSE). Piscataway, NJ: IEEE, 2021: 14481460［32］Hossain M N, Milajerdi S M, Wang J, et al. SLEUTH: Realtime attack scenario reconstruction from {COTS} audit data［C］ Proc of the 26th USENIX Security Symp (USENIX Security 17). Berkeley, CA: USENIX Association, 2017: 487504［33］Le V H, Zhang H. Logbased anomaly detection with deep learning: How far are we?［C］ Proc of the 44th Int Conf on Software Engineering. New York: ACM, 2022: 13561367［34］Virustotal. Virustotal’s 2021 Malware Trends Report［MOL］. 2021 ［20230905］. https:assets.virustotal.comreports2021trends.pdf［35］Santos I, Laorden C, Bringas P G. Collective classification for unknown malware detection［C］ Proc of the Int Conf on Security and Cryptography. Piscataway, NJ: IEEE, 2011: 251256［36］Ye Y, Chen L, Wang D, et al. SBMDS: An interpretable string based malware detection system using SVM ensemble with bagging［J］. Journal in Computer Virology, 2009, 5(4): 28393［37］Anderson B, StorlieC, Lane T. Improving malware classification: bridging the staticdynamic gap［C］ Proc of the 5th ACM Workshop on Security and Artificial Intelligence. New York: ACM, 2012: 314［38］Santos I, Penya Y K, Devesa J, et al. Ngramsbased file signatures for malware detection［C］ Proc of Int Conf on Enterprise Information Systems. Berlin: Springer, 2009: 317320［39］Liu L, Wang B. Malware classification using grayscale images and ensemble learning［C］ Proc of the 3rd Int Conf on Systems and Informatics (ICSAI). Piscataway, NJ: IEEE, 2016: 10181022［40］Islam R, Tian R, Batten L, et al. Classification of malware based on string and function feature selection［C］ Proc of the 2nd Cybercrime and Trustworthy Computing Workshop. Piscataway, NJ: IEEE, 2010: 917［41］Mavroeidis V, Bromander S. Cyber threat intelligence model: An evaluation of taxonomies, sharing standards, and ontologies within cyber threat intelligence［C］ Proc of 2017 European Intelligence and Security Informatics Conf (EISIC). Piscataway, NJ: IEEE, 2017: 9198［42］刘亮, 赵倩崇, 郑荣锋, 等. 基于威胁情报的自动生成入侵检测规则方法［J］. 计算机工程与设计, 2022, 43(1): 18［43］Guarascio M, Cassavia N, Pisani F S, et al. Boosting cyberthreat intelligence via collaborative intrusion detection［J］ Future Generation Computer Systems, 2022, 135(1): 3043［44］Mahmoud M, Mannan M, Youssef A. APTHunter: Detecting Advanced Persistent Threats in Early Stages［J］. Digital Threats, 2023, 4(1): Article 11［45］Gao P, Shao F, Liu X, et al. Enabling efficient cyber threat hunting with cyber threat intelligence［C］ Proc of the 37th IEEE Int Conf on Data Engineering (ICDE). Piscataway, NJ: IEEE, 2021: 193204［46］Riebe T, Wirth T, Bayer M, et al. Cysecalert: An alert generation system for cyber security events using open source intelligence data［C］ Proc of Int Conf on Information and Communications Security. Berlin: Springer, 2021: 429446［47］Nagai T, Takita M, Furumoto K, et al. Understanding attack trends from security blog posts using guidedtopic model［J］. Journal of Information Processing, 2019, 27(1): 802809［48］GonzáLezGranadillo G, Faiella M, Medeiros I, et al. ETIP: An enriched threat intelligence platform for improving OSINT correlation, analysis, visualization and sharing capabilities［J］. Journal of Information Security, 2021, 58(3): 102715

[1]	. Security and Privacy Protection in 6G Network: A Survey [J]. Journal of Information Security Reserach, 2023, 9(9): 822-.
[2]	. Data Scarcity and Large Language Model Data Value Asymmetry [J]. Journal of Information Security Reserach, 2023, 9(7): 637-.
[3]	. Consideration on Some Problems in the Development of GPT4 and Its Regulation Scheme [J]. Journal of Information Security Reserach, 2023, 9(6): 510-.
[4]	. Research on Artificial Intelligence Data Falsification Risk Based on GPT Model [J]. Journal of Information Security Reserach, 2023, 9(6): 518-.
[5]	. Research on Content Detection Generated by Large Language Model and the Mechanism of Bypassing [J]. Journal of Information Security Reserach, 2023, 9(6): 524-.
[6]	. Research on the Integration of Full Lifecycle Data Security Management and Artificial Intelligence Technology#br# [J]. Journal of Information Security Reserach, 2023, 9(6): 543-.
[7]	. Research on Network Security Governance and Response of Largescale AI Model [J]. Journal of Information Security Reserach, 2023, 9(6): 551-.
[8]	. A Method of Active Defense for Intelligent Manufacturing Device Swarms Based on Remote Attestation [J]. Journal of Information Security Reserach, 2023, 9(6): 580-.
[9]	. Challenges and Countermeasures of Artificial Intelligence Security Governance [J]. Journal of Information Security Reserach, 2022, 8(4): 318-.
[10]	. Computing Force Network Security Architecture and Data Security Governance Technology [J]. Journal of Information Security Reserach, 2022, 8(4): 340-.
[11]	. Research and Prospect of Adversarial Attack in the Field of Natural Laguage Processing [J]. Journal of Information Security Reserach, 2022, 8(3): 202-.
[12]	. Physical Adversarial Attacks Against Deep Reinforcement Learning Based Navigation [J]. Journal of Information Security Reserach, 2022, 8(3): 212-.
[13]	. An Overview of Application and Technology of Artificial Intelligence in Cybersecurity [J]. Journal of Information Security Reserach, 2022, 8(2): 110-.
[14]	. The Research on Artificial Intelligence Law of European Union in 2021 [J]. Journal of Information Security Reserach, 2022, 8(2): 117-.
[15]	. Design and Implementation of Anomaly Detection System for Programmable Data Plane System [J]. Journal of Information Security Reserach, 2022, 8(2): 135-.