AutoDE: Automated Vulnerability Discovery and Exploitation

2019 IEEE Fourth International Conference on Data Science in Cyberspace (DSC) (2019)

Abstract
Recently, automated testing for software vulnerability finding and exploitation has attracted more and more attention due to its high scalability and efficiency. However, it is non-trivial and challenging, since existing methods have limited effectiveness in discovering vulnerabilities that are exploitable to hack the software. To address these challenges, we propose an Automated Vulnerability Discovery and Exploitation framework, AutoDE, which aims to improve the effectiveness of vulnerability discovery and exploitation. In the vulnerability discovery stage, we propose Anti-Driller to alleviate the “path explosion” problem. It first generates a specific input through symbolic execution using the control flow graph (CFG), then leverages a mutation-based fuzzer to mutate this case to find vulnerabilities, which can avoid unqualified mutation. In the vulnerability exploitation stage, we analyze the characteristics of vulnerabilities and then propose to generate exploits that produce a shell based on the detected vulnerabilities with several attack techniques. We have conducted extensive experiments on the RHG 2018 challenge dataset and the BCTF-RHG 2019 challenge dataset. The experimental results clearly demonstrate the effectiveness and scalability of the proposed framework.
Keywords
Security, vulnerability discovery, vulnerability exploitation