A static comprehensive analytical method for buffer overflow vulnerability detection

Cited by: 0
Authors
Shao Bilin [1 ]
Yan Jiafen [1 ]
Bian Genqing [1 ]
Zhao Yu [1 ]
Song Dan [1 ]
Affiliations
[1] Xian Univ Architecture & Technol, Sch Management, Xian, Peoples R China
Keywords
Buffer overflow; vulnerability detection; comprehensive analysis; reliability weights;
DOI
Not available
Chinese Library Classification (CLC) number
TP301 [Theory, methods];
Discipline classification code
081202 ;
Abstract
Buffer overflow vulnerabilities are a widespread and dangerous security problem, and detecting them has great research value in the field of information security. This paper proposes a static comprehensive analytical method for buffer overflow vulnerability detection. First, the method runs many kinds of static detection tools over the source code, each producing its own detection report. Second, a comprehensive analysis evaluates the reliability weights of the detection tools through a training process on the detection results, and further optimizes those results. This training process can improve the efficiency of discovering buffer overflow vulnerabilities, with lower rates of omissions and misstatements. The experimental results show that, compared with single static detection methods, the rates of both false alerts and missed alerts decrease significantly.
Pages: 151 - 155
Number of pages: 5