A Memory-Related Vulnerability Detection Approach Based on Vulnerability Features 被引量：3

A Memory-Related Vulnerability Detection Approach Based on Vulnerability Features

导出

摘要 Developing secure software systems is a major challenge in the software industry due to errors or weaknesses that bring vulnerabilities to the software system.To address this challenge,researchers often use the source code features of vulnerabilities to improve vulnerability detection.Notwithstanding the success achieved by these techniques,the existing studies mainly focus on the conceptual description without an accurate definition of vulnerability features.In this study,we introduce a novel and efficient Memory-Related Vulnerability Detection Approach using Vulnerability Features (MRVDAVF).Our framework uses three distinct strategies to improve vulnerability detection.In the first stage,we introduce an improved Control Flow Graph (CFG) and Pointer-related Control Flow Graph (PCFG) to describe the features of some common vulnerabilities,including memory leak,doublefree,and use-after-free.Afterward,two algorithms,namely Vulnerability Judging algorithm based on Vulnerability Feature (VJVF) and Feature Judging (FJ) algorithm,are employed to detect memory-related vulnerabilities.Finally,the proposed model is validated using three test cases obtained from Juliet Test Suite.The experimental results show that the proposed approach is feasible and effective. Developing secure software systems is a major challenge in the software industry due to errors or weaknesses that bring vulnerabilities to the software system.To address this challenge,researchers often use the source code features of vulnerabilities to improve vulnerability detection.Notwithstanding the success achieved by these techniques,the existing studies mainly focus on the conceptual description without an accurate definition of vulnerability features.In this study,we introduce a novel and efficient Memory-Related Vulnerability Detection Approach using Vulnerability Features (MRVDAVF).Our framework uses three distinct strategies to improve vulnerability detection.In the first stage,we introduce an improved Control Flow Graph (CFG) and Pointer-related Control Flow Graph (PCFG) to describe the features of some common vulnerabilities,including memory leak,doublefree,and use-after-free.Afterward,two algorithms,namely Vulnerability Judging algorithm based on Vulnerability Feature (VJVF) and Feature Judging (FJ) algorithm,are employed to detect memory-related vulnerabilities.Finally,the proposed model is validated using three test cases obtained from Juliet Test Suite.The experimental results show that the proposed approach is feasible and effective.

作者 Jinchang Hu Jinfu Chen Lin Zhang Yisong Liu Qihao Bao Hilary Ackah-Arthur Chi Zhang

机构地区 the School of Computer Science and Communication Engineering

出处《Tsinghua Science and Technology》 SCIE EI CAS CSCD 2020年第5期604-613,共10页 清华大学学报（自然科学版（英文版）

基金 funded by the National Natural Science Foundation of China(Nos.U1836116 and 61872167) the Project of Jiangsu Provincial Six Talent Peaks(No.XYDXXJS-016) the Graduate Research Innovation Project of Jiangsu Province(No.KYCX171807)。

关键词 vulnerability feature Control Flow Graph(CFG) Memory Leak(ML) Double-Free(DF) Use-After-Free(UAF) vulnerability feature Control Flow Graph(CFG) Memory Leak(ML) Double-Free(DF) Use-After-Free(UAF)

分类号 TP311.53 [自动化与计算机技术—计算机软件与理论]

引文网络
相关文献

参考文献2

1Zhenbo XU,Jian ZHANG,Zhongxing XU.Melton： a practical and precise memory leak detection tool for C programs[J].Frontiers of Computer Science,2015,9(1):34-54. 被引量：6
2曾佳平,杨秋辉,汪华龙,徐保平,黄蔚.基于动态插桩的C/C++内存泄漏检测工具的设计与实现[J].计算机应用研究,2015,32(6):1737-1741. 被引量：8

二级参考文献48

1Evans D. Static detection of dynamic memory errors. In: Proceedings of the ACM SIGPLAN 1996 Conference on Programming Language Design an Implementation. 1996, 44-53.
2Bush W R, Pincus J D, Sielaff D J. A static analyzer for finding dy- namic programming errors. Software-Practice and Experience, 2000, 30(7): 775-802.
3Heine D L, Lam M S. A practical flow-sensitive and context-sensitive C and C++ memory leak detector. In: Proceedings of the ACM SIG- PLAN 2003.
4Conference on Programming Language Design and Im- plementation. 2003, 168-181.
5Xie Y, Aiken A. Context- and path-sensitive memory leak detection. In: Proceedings of the 2005 Joint Meeting of the European Software Engineering Conference and the ACM SIGSOFF Symposium on the Foundations of Software Engineering. 2005, 115-125.
6Orlovich M, Rugina R. Memory leak analysis by contradiction. In: International Static Analysis Symposium. 2006, 405-424.
7Cherem S, Princehouse L, Rugina R. Practical memory leak detec- tion using guarded value-flow analysis. In: Proceedings of the ACM SIGPLAN 2007.
8Conference on Programming Language Design and Implementation. 2007, 480-491.
9Xu Z, Zhang J. Path and context sensitive inter-procedural memory leak detection. In: Proceedings of the 2008 International Conference on Quality Software. 2008, 412-420.
10Jung Y, Yi K. Practical memory leak detector based on parameter- ized procedural summaries. In: Proceedings of the 2008 International Symposium on Memory Management. 2008, 131-140.

共引文献11

1黄蔚,洪玫,杨秋辉,郭鑫宇,代声馨,徐保平,高婉玲,赵鹤.基于有界模型检测的C/C++程序内存泄露检测[J].计算机应用研究,2016,33(6):1762-1766. 被引量：2
2曹华雄,顾乃杰,李燚.面向Python程序的静态死锁检测方法的研究[J].小型微型计算机系统,2017,38(3):465-471. 被引量：5
3李筱,周严,李孟宸,陈园军,XU Guo-Qing,王林章,李宣东.C/C++程序静态内存泄漏警报自动确认方法[J].软件学报,2017,28(4):827-844. 被引量：5
4曹原野,丁丽萍.基于Clang编译前端的Android源代码静态分析技术[J].计算机系统应用,2017,26(10):1-10.
5刘小燕,闫振宇,韩啸,杨坤,陈献庆.嵌入式装置内存泄漏检测系统的设计与实现[J].电子设计工程,2018,26(8):188-193. 被引量：1
6张国强,殷博,邱宇,王伟静.基于概率层次分析的缓冲区溢出检测工具评估[J].计算机应用与软件,2018,35(7):27-32. 被引量：1
7芮万智,许金,王路,郭鹏辉.嵌入式LwIP协议栈内存泄露问题研究[J].海军工程大学学报,2019,31(6):19-22. 被引量：1
8何恺.嵌入式Linux下内存泄漏的检查和解决[J].现代计算机,2020,26(11):78-82.
9代培武,潘祖烈,施凡.面向漏洞类型的Crash分类研究[J].计算机工程与应用,2020,56(13):124-130. 被引量：1
10彭双和,韩静.基于内存访问轨迹的程序脆弱性检测[J].北京交通大学学报,2020,44(5):55-62. 被引量：2

同被引文献5

1Weiwei Jiang,Lin Zhang.Geospatial Data to Images: A Deep-Learning Framework for Traffic Forecasting[J].Tsinghua Science and Technology,2019,24(1):52-64. 被引量：16
2王涛,韩兰胜,付才,邹德清,刘铭.软件漏洞静态检测模型及检测框架[J].计算机科学,2016,43(5):80-86. 被引量：4
3韩心慧,魏爽,叶佳奕,张超,叶志远.二进制程序中的use-after-free漏洞检测技术[J].清华大学学报（自然科学版）,2017,57(10):1022-1029. 被引量：6
4Haiming Huang,Junhao Lin,Linyuan Wu,Bin Fang,Zhenkun Wen,Fuchun Sun.Machine Learning-Based Multi-Modal Information Perception for Soft Robotic Hands[J].Tsinghua Science and Technology,2020,25(2):255-269. 被引量：5
5Lei Zhang,Chenbo Xu,Yihua Gao,Yi Han,Xiaojiang Du,Zhihong Tian.Improved Dota2 Lineup Recommendation Model Based on a Bidirectional LSTM[J].Tsinghua Science and Technology,2020,25(6):712-720. 被引量：7

引证文献3

1Hongsong Chen,Yongpeng Zhang,Yongrui Cao,Jing Xie.Security Issues and Defensive Approaches in Deep Learning Frameworks[J].Tsinghua Science and Technology,2021,26(6):894-905. 被引量：3
2许健,陈平华,熊建斌.基于抽象内存模型的内存相关漏洞检测方法[J].计算机工程与应用,2022,58(8):96-108. 被引量：5
3Bui Van Cong,Cho Do Xuan.A New Framework for Software Vulnerability Detection Based on an Advanced Computing[J].Computers, Materials & Continua,2024,79(6):3699-3723.

二级引证文献8

1蔡红云,袁世林,温玉,任继超,孟洁.基于CNN和犹豫模糊决策的欺诈攻击检测[J].工程科学与技术,2022,54(3):80-90. 被引量：3
2董玉坤,位欣欣,孙玉雪,唐道龙.跟踪机制引导的C程序内存错误自动修复[J].计算机工程与应用,2022,58(19):76-87. 被引量：1
3周金,李玉芝,李斌.小样本图像处理方法赋能的宽带频谱感知[J].电子与信息学报,2023,45(3):1102-1110. 被引量：1
4宋健,张超.基于规则过滤的机场网站漏洞自动化检测系统[J].自动化与仪器仪表,2023(4):134-137.
5张和伟,王奉章.基于被动分簇算法的即时通信网络安全漏洞检测方法[J].智能计算机与应用,2023,13(7):119-122. 被引量：4
6王莹,于波涛,张岩.基于状态跟踪的变电站主机运行漏洞检测方法[J].电子设计工程,2023,31(24):168-171.
7张辉.Web应用漏洞检测系统的研究与设计[J].现代计算机,2024,30(9):100-103.
8马祥跃,杜晓婷,采青,郑阳,胡崝,郑征.深度学习框架测试研究综述[J].软件学报,2024,35(8):3752-3784. 被引量：1

1张思为.不稳定型心绞痛采用美托洛尔与辛伐他汀治疗的症状及疗效改善效果探究[J].数理医药学杂志,2020,33(7):1054-1055. 被引量：1
2N.Nakakawa,Joseph Y.T.Mugisha,Michael W.Shaw,Eldad Karamura.Banana Xanthomonas wilt dynamics with mixed cultivars in a periodic environment Juliet[J].International Journal of Biomathematics,2020,13(1):141-162.
3Yang-Yang Zhao,Ming-Yu Chen,Yu-Hang Liu,Zong-Hao Yang,Xiao-Jing Zhu,Zong-Hui Hong,Yun-Ge Guo.IMPULP:A Hardware Approach for In-Process Memory Protection via User-Level Partitioning[J].Journal of Computer Science & Technology,2020,35(2):418-432.
4陈锦富,陈书杰,张庆晨,周敏敏,张磊.一种漏洞代码语义描述语言的设计与实现[J].江苏大学学报（自然科学版）,2020,41(3):249-255. 被引量：1
5NUMBERS[J].Beijing Review,2020,63(24):41-41.
6Jiangdong Qiu,Changliang Ren,Zhaoxue Li,Linguo Xie,Yu He,Zhiyou Zhang,Jinglei Du.Extended validity of weak measurement[J].Chinese Physics B,2020,29(6):237-241. 被引量：1
7唐思琦,韩丛英,郭田德.基于机器学习的点集匹配算法[J].中国科学院大学学报（中英文）,2020,37(4):450-457. 被引量：2
8Akbar JAFARI,Reza ABBASI HATTANI.Investigation of parameters influencing erosive wear using DEM[J].Friction,2020,8(1):136-150.
9Sher MUHAMMAD,Muhammad SAJJAD,Sultan Habibullah KHAN,Muhammad SHAHID,Muhammad ZUBAIR,Faisal Saeed AWAN,Azeem iqbal KHAN,Muhammad Salman MUBARAK,Ayesha TAHIR,Muhammad UMER,Rumana KEYANI,Muhammad InamAFZAL,Irfan MANZOOR,Javed Iqbal WATTOO,Aziz-ur REHMAN.Genome-wide association analysis for stripe rust resistance in spring wheat(Triticum aestivum L.) germplasm[J].Journal of Integrative Agriculture,2020,19(8):2035-2043.
10Luning Sun,Jian-Xun Wang.Physics-constrained bayesian neural network for fluid flow reconstruction with sparse and noisy data[J].Theoretical & Applied Mechanics Letters,2020,10(3):161-169. 被引量：11

Tsinghua Science and Technology

2020年第5期

浏览历史

内容加载中请稍等...