Vulnerability Fingerprint: An Efficient De-duplicating Technology of Crashes

With the broad application of fuzzing, the efficiency of vulnerability discovery improves, result in a large number of crashes generating more and more rapidly. However, the analysis of the crashes is a highly repetitive manual work. Here, to identify vulnerability features and de-duplicate crashes, a new technology was proposed which we called Vulnerability Fingerprint. We defined the basic vulnerability features of the Vulnerability Fingerprint, and used the multi-level classification method to establish the Vulnerability Fingerprint feature model. Finally, based on the Linux operating system, we designed and implemented the Vulnerability Fingerprint extraction tool, and tested the crashes obtained by fuzzing of real software. The results showed that there was a more than 90% reduction of crashes workload with the Vulnerability Fingerprint. And in the de-duplicated crashes, the vulnerability coverage rate even could reach nearly 100%.