Title :
Predicting Buffer Overflow Vulnerabilities through Mining Light-Weight Static Code Attributes
Author :
Padmanabhuni, Bindu Madhavi; Tan, Hee Beng Kuan
Author_Institution :
Sch. of Electr. & Electron. Eng., Nanyang Technol. Univ., Singapore, Singapore
Abstract :
Static code attributes are widely used in defect prediction studies as an abstraction model because they capture general properties of the program. To counter buffer overflow exploits, programmers use buffer size checking and input validation schemes. In this paper, we propose light-weight static code attributes that can be extracted easily, to characterize the buffer overflow safety mechanisms and input validation checks implemented in the code, for predicting buffer overflows. We then apply data mining methods to the collected static code attributes to predict buffer overflows in application programs. In our experiments across five applications, our best classifier achieved a recall of 95% and precision over 80%, suggesting that our proposed static code attributes are effective indicators for predicting buffer overflows.
Keywords :
data mining; pattern classification; program diagnostics; buffer overflow safety mechanisms; buffer overflow vulnerability prediction; buffer size checking; classifier; data mining methods; input validation schemes; light-weight static code attribute mining; software defect prediction; Accuracy; Arrays; Buffer overflows; Data mining; Filling; Predictive models; Radiation detectors; Vulnerability; buffer overflow; data mining; input validation; prediction; static analysis; static code attributes;
Conference_Title :
Software Reliability Engineering Workshops (ISSREW), 2014 IEEE International Symposium on
Conference_Location :
Naples
DOI :
10.1109/ISSREW.2014.26