Toward Reliable Detection of Malicious eBPF: Construction and Validation of a Large-Scale Bytecode Dataset
eBPF programs converge to a common bytecode, making bytecode-level detection a natural locus for defense. Current research lacks a large, reliable resource that links real-world eBPF exploits to verifiable bytecode artifacts and operational detection rules. We present eBPF-VulnBench, a dataset and workflow that couple CVE-grounded grouping with controlled builds to obtain canonical bytecode, synthesize bytecode rules from confirmed samples, and validate exploitability by recompiling, loading, and exercising the code against the claimed CVE semantics. Applied to approximately 1,100 candidates, the process yields a curated subset with reproducible artifacts, about 200 successful builds to seed rule design, and five initial rule sets for representative CVE groups. We report quantitative results on vulnerability coverage, build success, and detection outcomes. By unifying CVE-based grouping, build-backed verification, and bytecode-level rule generation, eBPF-VulnBench establishes a reproducible foundation for evaluating and advancing automated defenses for eBPF.
Thu 19 Mar (displayed time zone: Athens)
11:00 - 12:30 | Session 4B - Vulnerability Detection and Localization | Early Research Achievement (ERA) Track / Research Track / Short Papers and Posters Track / Industrial Track | at Megaron Beta | Chair(s): Pierre van de Laar (TNO-ESI)
11:00 | 15m Talk | InterGNN: Using Context for Detecting Inter-procedural Vulnerabilities | Industrial Track | Sebastian Sierra (Bosch Research), Jochen Quante (Bosch Research), Eric Bodden (Heinz Nixdorf Institute at Paderborn University & Fraunhofer IEM)
11:15 | 15m Talk | VFLAGENT: A Chain-of-Thought-Guided Multi-Agent Collaboration Framework for Vulnerable Function Localization | Research Track | Minghe Bai (Nanjing University of Posts and Telecommunications), Wei Chen (Institute of Software at Chinese Academy of Sciences), Shuo Li (Nankai University, China; Institute of Software at Chinese Academy of Sciences; University of Chinese Academy of Sciences), Jiaxin Zhu (Institute of Software at Chinese Academy of Sciences)
11:30 | 15m Talk | VulCMS: A Vulnerability Detection System Based on Centrality Analysis and Multi-Scale Attention | Research Track | Wenjing Cai (School of Cybersecurity, Northwestern Polytechnical University), Jianfei Wang (School of Software, Northwestern Polytechnical University), Jianfei Wang (School of Software, Northwestern Polytechnical University), Lipeng Gao (School of Software, Northwestern Polytechnical University)
11:45 | 15m Talk | Towards Secure Oracle Usage: Understanding and Detecting Oracle Vulnerabilities in Smart Contracts | Research Track | Ziming Chen (Peking University), Yue Li (Peking University), Jiashuo Zhang (Peking University, China), Jianbo Gao (Peking University), Che Wang (Peking University, China), Jiakun Hao (Peking University), Anming Xie (Peking University), Zhi Guan (Peking University), Zhong Chen
12:00 | 7m Talk | Synergizing LLM-Driven Semantic Reasoning with Assertion-Guided Analysis for Enhanced Vulnerability Detection | Early Research Achievement (ERA) Track | Ying Wang (Xidian University), Jie Su (Xidian University), Cheng Wen (Xidian University), Rong Wang, Cong Tian (Xidian University), Zhenhua Duan (Xidian University), Shengchao Qin (Xidian University)
12:07 | 7m Talk | Toward Reliable Detection of Malicious eBPF: Construction and Validation of a Large-Scale Bytecode Dataset | Short Papers and Posters Track | Yujin Kwon (Duksung Women’s University), Yujeong Choi (Duksung Women’s University), Dohwan Ji (Hanbat National University), Jinyoung Kim (Sungkyunkwan University)
12:14 | 7m Talk | Towards Online Malware Detection using Process Resource Utilization Metrics | Short Papers and Posters Track | Themistoklis Diamantopoulos (Electrical and Computer Engineering Dept, Aristotle University of Thessaloniki), Dimosthenis Natsos (Aristotle University of Thessaloniki), Andreas Symeonidis (Electrical and Computer Engineering Dept., Aristotle University of Thessaloniki)
12:21 | 8m Talk | From Data Leak to Secret Misses: The Impact of Data Leakage on Secret Detection Models | Short Papers and Posters Track