Title :
A Hybrid Approach to Detecting Security Defects in Programs
Author :
Yu, Lian ; Zhou, Jun ; Yi, Yue ; Fan, Jianchu ; Wang, Qianxiang
Author_Institution :
Sch. of Software & Microelectron., Peking Univ., Beijing, China
Abstract :
Static analysis works well at checking defects that clearly map to source code constructs. Model checking can find defects such as deadlocks and routing loops that are not easily detected by static analysis, but faces the problem of state explosion. This paper proposes a hybrid approach to detecting security defects in programs. A fuzzy inference system is used to infer the selection between the two detection approaches. A cluster algorithm is developed to divide a large system into several clusters in order to apply model checking. Ontology-based static analysis employs logic reasoning to intelligently detect the defects. We also put forward strategies to improve the performance of the static analysis. Finally, we perform experiments to evaluate the accuracy and performance of the hybrid approach.
Keywords :
fuzzy reasoning; ontologies (artificial intelligence); program diagnostics; program verification; security of data; cluster algorithm; fuzzy inference system; logic reasoning; model checking; ontology based static analysis; security defect; source code; Clustering algorithms; Explosions; Face detection; Fuzzy systems; Inference algorithms; Logic; Ontologies; Routing; Security; System recovery; feature extraction; fuzzy inference; model checking; ontology model; security defects; static analysis;
Conference_Title :
Quality Software, 2009. QSIC '09. 9th International Conference on
Conference_Location :
Jeju
Print_ISBN :
978-1-4244-5912-4
DOI :
10.1109/QSIC.2009.10