DocumentCode
2083552
Title
Code based software security vulnerability analyzing and detecting based on similar characteristic
Author
An, Xifeng ; Li, Weihua ; Pan, Wei
Author_Institution
Coll. of Comput. Sci., Northwestern Polytech. Univ., China
Volume
1
fYear
2008
fDate
17-19 Nov. 2008
Firstpage
584
Lastpage
589
Abstract
Through comprehensive analysis of software security vulnerabilities, a novel vulnerability detecting method based on similar characteristics is proposed in this paper. The method aims at C code security detection. Based on Case-based Reasoning technology, the method performs similarity matching between the security characteristics of source code and the characteristics of known security vulnerabilities, and calculates the similarity to determine if the code has security vulnerabilities. The experiments demonstrate that the presented method can effectively improve the veracity and efficiency of vulnerability detection. It also solves the problem that current detecting methods based on rule-matching cannot rapidly and accurately handle large-scale legacy software and structure-complicated software. Furthermore, the definition and selection of the threshold also improve the adaptability and agility of the detecting method.
Keywords
security of data; software maintenance; C code security detection; case-based reasoning technology; code based software security vulnerability; legacy software; similarity matching; source code; structure-complicated software; vulnerability detection; Application software; Buffer overflow; Computer security; Information security; Intelligent systems; Knowledge engineering; Large-scale systems; Operating systems; Software maintenance; Software systems;
fLanguage
English
Publisher
IEEE
Conference_Titel
Intelligent System and Knowledge Engineering, 2008. ISKE 2008. 3rd International Conference on
Conference_Location
Xiamen
Print_ISBN
978-1-4244-2196-1
Electronic_ISBN
978-1-4244-2197-8
Type
conf
DOI
10.1109/ISKE.2008.4730998
Filename
4730998