On The Effectiveness of Kolmogorov Complexity Estimation to Discriminate Semantic Types

TL;DR

This paper explores the use of Kolmogorov Complexity estimates to identify and predict vulnerabilities in system components, enabling proactive security analysis without relying on predefined signatures.

Contribution

It introduces a framework that uses complexity estimation to detect semantic data types and potential vulnerabilities, advancing complexity-based security analysis methods.

Findings

Data types can be identified by their complexity estimates.

Complexity maps can reveal suspicious embedded data.

The approach predicts vulnerabilities before attack methods are known.

Abstract

We present progress on the experimental validation of a fundamental and universally applicable vulnerability analysis framework that is capable of identifying new types of vulnerabilities before attackers innovate attacks. This new framework proactively identifies system components that are vulnerable based upon their Kolmogorov Complexity estimates and it facilitates prediction of previously unknown vulnerabilities that are likely to be exploited by future attack methods. A tool that utilizes a growing library of complexity estimators is presented. This work is an incremental step towards validation of the concept of complexity-based vulnerability analysis. In particular, results indicate that data types (semantic types) can be identified by estimates of their complexity. Thus, a map of complexity can identify suspicious types, such as executable data embedded within passive data types, without resorting to predefined headers, signatures, or other limiting a priori information.