Predicting Integer Overflow through Static Integer Operation Attributes

Cited by: 0
Authors
Meng Qingkun [1]
Wen Shameng [1]
Feng Chao [1]
Tang Chaojing [1]
Affiliation
[1] NUDT, Sch Elect Sci & Engn, Changsha, Hunan, Peoples R China
Keywords
component; machine learning; software security; integer overflow; software vulnerability
DOI
Not available
Chinese Library Classification (CLC) number
TP301 [Theory, Methods];
Discipline classification code
081202;
Abstract
Integer overflow vulnerabilities are very difficult to locate and patch. From experience, the more complicated the integer operation, the more error-prone the program. So in this paper, we come up with a new method that leverages static integer operation attributes to predict integer overflows based on machine learning techniques. The static integer operation attributes consist of sink, integer operation accumulation, sanitization and input attributes. Every function of the testing program will be converted to a 10-dimension vector, which is fed to several machine learning algorithms to make predictions. Our experiment shows that the method achieves good performance.
Pages: 177-181
Page count: 5