The paper titled "Define-Use Guided Path Exploration for Better Forced Execution" by the Intelligent Software Security Research Team from our Information Security Research Laboratory has been accepted by ISSTA 2024, a top international academic conference in the field of software engineering. The first author of the paper is He Dongnan, a master's student from the class of 2023, and the supervising professor is Associate Professor You Wei. Master's student Xie Dongchen from the class of 2023 and doctoral student Wang Yujie from the class of 2021 also contributed to the publication of this paper. The work on this paper initially began as an enhancement project for the undergraduate course "Software Security Analysis." It was later submitted to the 15th National College Student Information Security Contest "Work Competition," and after multiple revisions, it was submitted to and accepted by this top international academic conference. This represents an attempt at integration between teaching, competition, and research.
ISSTA (ACM SIGSOFT International Symposium on Software Testing and Analysis) is recognized as one of the authoritative top conferences in the field of software engineering. Founded in 1992, it is recommended by the China Computer Federation (CCF) as an A-class conference.
Title of the Paper: Define-Use Guided Path Exploration for Better Forced Execution
Authors: Dongnan He, Dongchen Xie, Yujie Wang, Wei You, Bin Liang, Jianjun Huang, Wenchang Shi, Zhuo Zhang, Xiangyu Zhang
Corresponding Author: Wei You
Research Background:
In recent years, malware has become a prominent security threat. Direct dynamic execution of malware often fails to fully expose its hidden malicious behaviors. Forced execution techniques, which explore program paths by forcibly setting branch conditions, are effective in circumventing malware's self-protection mechanisms and revealing its hidden malicious activities. However, current forced execution approaches have limitations in their path exploration algorithms: they change control flow without considering data flow, which may lead to missing critical data flows or triggering infeasible data flows.
Abstract of the Paper:
The paper introduces a prototype system named DueForce, which employs a dynamic self-supervised approach to identify define-use relationships and uses them to guide path exploration. Specifically, after each execution, DueForce collects memory read-write information to predict previously undiscovered define-use relationships and corrects earlier predictions. Experiments demonstrate that DueForce significantly improves the analysis results of forced execution and effectively enhances the detection of hidden malicious behaviors.
Dongnan He is a master's student in the School of Information at Renmin University of China, specializing in information security and focusing on research areas such as binary program analysis and fuzz testing. He completed his undergraduate studies at the School of Information, Renmin University of China, as part of the 2019 Turing Class.
Wei You, an associate professor in the Computer Science Department at Renmin University of China, is selected as a national young talent project awardee. He has long been engaged in the automated discovery of software vulnerabilities and the dynamic/static analysis of binary programs, uncovering nearly a hundred security vulnerabilities in common applications and exposing hundreds of suspicious behaviors in malicious applications. He has published over ten papers in top international academic conferences and journals in the fields of information security and software engineering, winning the Best Paper Award once and being nominated for the Best Application Security Paper Award twice. He was honored with the "First Prize in Natural Science" by the China Computer Society. For more information, you can visit his personal webpage at https://www.youwei.site/ and his research group webpage at https://rucsesec.github.io/.