Fuzzing is a widely used technique for software vulnerability discovery, as it can efficiently generate proof-of-concept (PoC) inputs that trigger crashes. However, it usually cannot explain the root causes of vulnerabilities, still requiring time-consuming manual analysis by security experts and thus slowing down vulnerability remediation. Therefore, efficiently inferring vulnerability root causes from crash-inducing inputs has become a key challenge for improving software security. To overcome the low accuracy and efficiency of existing automated root-cause analysis (RCA) methods—caused by insufficient sample quality and limited predicate expressiveness—we propose VulnArrow, the first accurate and efficient method for root-cause analysis of complex vulnerabilities. VulnArrow first adopts a dual-distribution sample generation strategy with differentiated mutation magnitudes to produce high-quality samples tailored for RCA. It then applies lightweight backward slicing to identify vulnerability-related variables. Finally, VulnArrow reformulates RCA as a data analysis problem, automatically constructing interpretable rule-based features and leveraging clustering to infer vulnerability causes. This approach removes the need for manually defined predicates and effectively handles complex, composite vulnerabilities. We implemented a prototype of VulnArrow and evaluated it on 40 real-world vulnerabilities from 19 open-source projects. Compared with the state-of-the-art method RaCing, VulnArrow improves root cause localization effectiveness by 86% and average ranking accuracy by 83%, while reducing analysis time by 90%. These results demonstrate that VulnArrow achieves both high accuracy and efficiency, making it practical for real-world use.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

VulnArrow: Data-Driven Vulnerability Root-Cause Analysis with Differential Sample Generation

  • Hongwei Li,
  • Wenmeng Zhang,
  • Yongjun Wang

摘要

Fuzzing is a widely used technique for software vulnerability discovery, as it can efficiently generate proof-of-concept (PoC) inputs that trigger crashes. However, it usually cannot explain the root causes of vulnerabilities, still requiring time-consuming manual analysis by security experts and thus slowing down vulnerability remediation. Therefore, efficiently inferring vulnerability root causes from crash-inducing inputs has become a key challenge for improving software security. To overcome the low accuracy and efficiency of existing automated root-cause analysis (RCA) methods—caused by insufficient sample quality and limited predicate expressiveness—we propose VulnArrow, the first accurate and efficient method for root-cause analysis of complex vulnerabilities. VulnArrow first adopts a dual-distribution sample generation strategy with differentiated mutation magnitudes to produce high-quality samples tailored for RCA. It then applies lightweight backward slicing to identify vulnerability-related variables. Finally, VulnArrow reformulates RCA as a data analysis problem, automatically constructing interpretable rule-based features and leveraging clustering to infer vulnerability causes. This approach removes the need for manually defined predicates and effectively handles complex, composite vulnerabilities. We implemented a prototype of VulnArrow and evaluated it on 40 real-world vulnerabilities from 19 open-source projects. Compared with the state-of-the-art method RaCing, VulnArrow improves root cause localization effectiveness by 86% and average ranking accuracy by 83%, while reducing analysis time by 90%. These results demonstrate that VulnArrow achieves both high accuracy and efficiency, making it practical for real-world use.