We found a match
Your institution may have access to this item. Find your institution then sign in to continue.
- Title
Auditing buffer overflow vulnerabilities using hybrid static–dynamic analysis.
- Authors
Padmanabhuni, Bindu Madhavi; Tan, Hee Beng Kuan
- Abstract
Buffer overflow (BOF) vulnerabilities when present in code can be exploited to violate security objectives such as availability, confidentiality and integrity. They make up substantial portion of input manipulation attacks due to their common presence and ease of exploitation. In this study, the authors propose a hybrid approach combining static and dynamic program analysis with machine learning to audit BOFs. Simple rules to generate test data is proposed to confirm some of the vulnerabilities through dynamic analysis. Confirmed cases can be fixed by developers without further verification. Statements whose vulnerability is not confirmed by dynamic analysis are predicted by mining static code attributes. In the authors' evaluation using standard benchmarks, their best classifier achieved a recall over 93% and accuracy >94%. Dynamic analysis itself confirmed 34% of known vulnerabilities along with reporting six new bugs, thereby reducing by third, otherwise needed manual auditing effort.
- Publication
IET Software (Wiley-Blackwell), 2016, Vol 10, Issue 2, p54
- ISSN
1751-8806
- Publication type
Article
- DOI
10.1049/iet-sen.2014.0185