{"title":"Detecting Buffer Boundary Violations Based on SVM","authors":"Qingkun Meng, Bin Zhang, Chao Feng, Chaojing Tang","doi":"10.1109/ICISCE.2016.76","DOIUrl":null,"url":null,"abstract":"In this paper a new vulnerability detecting method is proposed to detect buffer boundary violations. The main idea is to use the metric of array index manipulation rather than using any heuristic method. We employ an SVM-based classifier to classify the vulnerable functions and innocent functions. Then the vulnerable functions are fed to function call graph guided symbolic execution to precisely determine whether they are true vulnerabilities or not. By the above measures, buffer boundary violations can be detected precisely and efficiently.","PeriodicalId":6882,"journal":{"name":"2016 3rd International Conference on Information Science and Control Engineering (ICISCE)","volume":"28 1","pages":"313-316"},"PeriodicalIF":0.0000,"publicationDate":"2016-07-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2016 3rd International Conference on Information Science and Control Engineering (ICISCE)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICISCE.2016.76","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
In this paper a new vulnerability detecting method is proposed to detect buffer boundary violations. The main idea is to use the metric of array index manipulation rather than using any heuristic method. We employ an SVM-based classifier to classify the vulnerable functions and innocent functions. Then the vulnerable functions are fed to function call graph guided symbolic execution to precisely determine whether they are true vulnerabilities or not. By the above measures, buffer boundary violations can be detected precisely and efficiently.