• DocumentCode
    3658690
  • Title

    Buffer Overflow Vulnerability Prediction from x86 Executables Using Static Analysis and Machine Learning

  • Author

    Bindu Madhavi Padmanabhuni;Hee Beng Kuan Tan

  • Author_Institution
    Sch. of Electr. &
  • Volume
    2
  • fYear
    2015
  • fDate
    7/1/2015 12:00:00 AM
  • Firstpage
    450
  • Lastpage
    459
  • Abstract
    Mining static code attributes for predicting software vulnerabilities has received some attention recently. There are a number of approaches for detecting vulnerabilities from source code, but commercial off-the-shelf components are, in general, distributed in binary form. Before using such third-party components, it is imperative to check for the presence of vulnerabilities. We investigate the use of static analysis and machine learning for predicting buffer overflow vulnerabilities from binaries in this study. To mitigate buffer overflows, developers typically perform size checks and input validation. We propose static code attributes characterizing buffer usage and defense mechanisms implemented in the code for preventing buffer overflows. The proposed approach starts by identifying potentially vulnerable statement constructs during binary program analysis and extracts static code attributes for each of them as per the proposed characterization scheme to capture buffer usage patterns and defensive mechanisms employed in the code. Data mining methods are then used on these collected code attributes for predicting buffer overflows. Our experimental evaluation on standard buffer overflow benchmark binaries shows that the proposed static code attributes are effective in predicting buffer overflow vulnerabilities.
  • Keywords
    "Buffer overflows","Libraries","Filling","Software","Containers","Semantics","Registers"
  • Publisher
    IEEE
  • Conference_Titel
    Computer Software and Applications Conference (COMPSAC), 2015 IEEE 39th Annual
  • Electronic_ISBN
    0730-3157
  • Type

    conf

  • DOI
    10.1109/COMPSAC.2015.78
  • Filename
    7273653