Funding: This study was supported in part by the National Natural Science Foundation of China (Nos. 61401512, 61602508, 61772549, U1636219 and U1736214), the National Key R&D Program of China (No. 2016YFB0801303 and 2016QY01W0105), the Key Technologies R&D Program of Henan Province (No. 162102210032) and the Key Science and Technology Research Project of Henan Province (No. 152102210005).
Abstract: When dealing with large-scale programs, many automatic vulnerability mining techniques encounter problems such as path explosion, state explosion, and low efficiency. Decomposing large-scale programs based on safety-sensitive functions helps solve these problems. Manual identification of security-sensitive functions is a tedious task, especially for large-scale programs. This study proposes a method to mine security-sensitive functions whose arguments need to be checked before they are called. Two argument-checking identification algorithms are proposed based on the analysis of two implementations of argument checking. Based on these algorithms, security-sensitive functions are detected using the ratio of invocation instances whose arguments have been protected to the total number of instances. The results of experiments on three well-known open-source projects show that the proposed method can outperform competing methods in the literature.
Funding: The National Natural Science Foundation (61273290, 61373147), Xiamen Scientific Plan Project (2014S0048, 3502Z20123037), Fujian Scientific Plan Project (2013HZ0004-1), Fujian Provincial Education Office A-class project (-JA13238).
Abstract: Many websites use verification codes to prevent automated registration, login, malicious voting or post flooding, but entering the verification code manually places a great burden on enterprises involved in internet marketing. Improving a verification code security system requires an identification method as the corresponding testing system. We propose an anisotropic heat kernel equation group, which can generate a heat source scale space during the kernel evolution based on the infinite heat source axiom, and design a multi-step anisotropic verification code identification algorithm. The algorithm includes the core procedures of building the anisotropic heat kernel, setting wave energy information parameters and combing out verification code characters, and the corresponding peripheral procedures of gray scaling, binarizing, denoising, normalizing, segmenting and identifying; we give the detailed criteria and parameter set. Actual tests show that the anisotropic heat kernel identification algorithm can be used on many kinds of verification code, including text characters, mathematical, Chinese, voice, 3D, programming, video and advertising. Its rate is higher than that of the neural network and context matching algorithms by 25% and 50% respectively for the Yahoo site, 49% and 60% for the Captcha site, 20% and 52% for the Baidu site, 60% and 65% for the 3DTakers site, and 40% and 51% for the MDP site.
Funding: This work was supported by the National Key R&D Program of China (Grant No. 2016QY07X1404), the Zhejiang Provincial Natural Science Foundation of China (Grant No. LY19E050012) and the Humanities and Social Sciences project of the Ministry of Education of China (Grant No. 19YJCZH005).
Abstract: Security-sensitive functions are the basis for building a taint-style vulnerability model. Current approaches for extracting security-sensitive functions either do not analyze data flow accurately or do not perform pattern analysis of conditions, resulting in a higher false positive rate or false negative rate, which increases the manual confirmation workload. In this paper, we propose a security-sensitive function mining approach based on precondition pattern analysis. First, we propose an enhanced system dependency graph analysis algorithm for precisely extracting the conditional statements that check function parameters, and conduct statistical analysis of these conditional statements to select candidate security-sensitive functions of the target program. Then we adopt a precondition pattern mining method based on normalizing and clustering conditional statements. Functions with fixed precondition patterns are regarded as security-sensitive functions. The experimental results on four popular open source codebases of different scales show that the proposed approach is effective in reducing the false positive rate and false negative rate for detecting security-sensitive functions.