Stack overflow vulnerability detection based on BiLSTM-attention KAN deep learning model

Stack overflow vulnerability detection based on BiLSTM-attention KAN deep learning model

연구 분야: Infrastructure

학회: The Journal of Supercomputing

Stack overflow vulnerabilities pose serious security threats, potentially leading to crashes, data breaches or system compromise. Accordingly, we propose KBS (Kolmogorov–Arnold Network-enhanced bidirectional long short-term memory and self-attention), a deep learning approach for detecting stack-based buffer overflow vulnerabilities from assembly code. KBS combines Word2Vec for instruction embedding, a bidirectional long short-term memory (BiLSTM) network for capturing contextual patterns, and a self-attention mechanism to highlight critical instruction sequences. The traditional multilayer perceptron (MLP) is replaced by a Kolmogorov–Arnold network (KAN) as the final classification layer to improve nonlinear modeling and interpretability. In our experiments, we evaluate KBS on a dataset primarily composed of Common Weakness Enumeration (CWE) category CWE-121 (stack-based buffer overflow), supplemented with samples from CWE-122, CWE-124, and CWE-126. KBS achieves a detection accuracy of 99.4%, outperforming commonly used recurrent neural network models such as GRU, BiGRU, and LSTM with self-attention and KAN modules. Moreover, KBS significantly improves upon prior approaches to stack overflow vulnerability detection, offering enhanced accuracy and interpretability. Ablation experiments further confirm the effectiveness of key components, especially the attention mechanism and KAN. These results demonstrate the potential of KBS as an accurate and interpretable solution for static binary vulnerability detection.