Predicting Integer Overflow through Static Integer Operation Attributes

Cited by: 0
Authors
Meng Qingkun [1]
Wen Shameng [1]
Feng Chao [1]
Tang Chaojing [1]
Affiliations
[1] NUDT, Sch Elect Sci & Engn, Changsha, Hunan, Peoples R China
Keywords
component; machine learning; software security; integer overflow; software vulnerability;
DOI
Not available
Chinese Library Classification
TP301 [Theory, methods];
Discipline classification code
081202;
Abstract
Integer overflow vulnerabilities are very difficult to locate and patch. From experience, the more complicated the integer operation, the more error-prone the program. So in this paper, we come up with a new method that leverages static integer operation attributes to predict integer overflows based on machine learning techniques. The static integer operation attributes consist of sink, integer operation accumulation, sanitization and input attributes. Every function of the program under test is converted to a 10-dimensional vector, which is fed to several machine learning algorithms to make predictions. Our experiment shows that the method achieves good performance.
Pages: 177 - 181
Page count: 5
Related papers
50 in total
  • [41] High-trusted-software-oriented automatic testing for integer overflow bugs
    Lu X.-C.
    Li G.
    Lu K.
    Zhang Y.
    Ruan Jian Xue Bao/Journal of Software, 2010, 21 (02): : 179 - 193
  • [42] Data Type Bugs Taxonomy: Integer Overflow, Juggling, and Pointer Arithmetics in Spotlight
    Ojanova, Irena B.
    Galhardo, Carlos Eduardo
    Moshtari, Sara
    2022 IEEE 29TH ANNUAL SOFTWARE TECHNOLOGY CONFERENCE (STC 2022), 2022, : 192 - 205
  • [43] Metamorphic Testing Integer Overflow Faults of Mission Critical Program: A Case Study
    Hui, Zhanwei
    Huang, Song
    Ren, Zhengping
    Yao, Yi
    MATHEMATICAL PROBLEMS IN ENGINEERING, 2013, 2013
  • [44] A runtime-testing method for integer overflow detection based on metamorphic relations
    Hui, Zhan-Wei
    Huang, Song
    Ji, Meng-Yu
    JOURNAL OF INTELLIGENT & FUZZY SYSTEMS, 2016, 31 (04) : 2349 - 2361
  • [45] Detecting Integer Overflow Errors in Java Source Code via Machine Learning
    University of Missouri-Kansas City, Computer Science Electrical Engineering, Kansas City, United States
    Unknown
    Proc. Int. Conf. Tools Artif. Intell. ICTAI, (724-728):
  • [46] Layer the sphere For accurate and additive voxelation by integer operation
    Ranita Biswas
    Partha Bhowmick
    The Visual Computer, 2015, 31 : 787 - 797
  • [47] Layer the sphere For accurate and additive voxelation by integer operation
    Biswas, Ranita
    Bhowmick, Partha
    VISUAL COMPUTER, 2015, 31 (6-8): : 787 - 797
  • [48] Boolean Integer Nonlinear Programming for Water Multireservoir Operation
    El Mouatasim, Abdelkrim
    JOURNAL OF WATER RESOURCES PLANNING AND MANAGEMENT-ASCE, 2012, 138 (02): : 176 - 181
  • [49] MIXED INTEGER PROGRAMMING IMPROVES SPRAY OPERATION PLANNING
    MELACHRINOUDIS, E
    RUMPF, D
    VENEGAS, R
    CANADIAN JOURNAL OF FOREST RESEARCH-REVUE CANADIENNE DE RECHERCHE FORESTIERE, 1987, 17 (12): : 1602 - 1608
  • [50] Teachers' construction of meanings of signed quantities and integer operation
    Kumar, Ruchi S.
    Subramaniam, K.
    Naik, Shweta Shripad
    JOURNAL OF MATHEMATICS TEACHER EDUCATION, 2017, 20 (06) : 557 - 590