Identifying and clustering attack-driven crash reports using machine learning
Abstract
We propose a tool to identify crashes caused by filed exploits from benign crashes, and cluster them based on the exploited vulnerabilities to prioritize crashes from a security point of view. The tool extracts features from crash reports and decides whether a crash caused by malicious behavior or not. In the case of malicious behavior, it identifies the attack type that generates the crash report; we are focusing on four attack types which are Heap exploitation, Shellcode injection, Format String attack, and Return Oriented Programming. Further, it clusters the crash reports based on the exploited vulnerabilities.