Computer Science ›› 2017, Vol. 44 ›› Issue (4): 109-113. doi: 10.11896/j.issn.1002-137X.2017.04.024


Detection Approach for Security Vulnerability Based on Pattern Matching

MIAO Xu-dong, WANG Yong-chun, CAO Xing-chen and FANG Feng   

  • Online: 2018-11-13 Published: 2018-11-13

Abstract: Most existing static vulnerability detection tools cannot detect the vulnerabilities that users care about. To address this, this paper proposes a vulnerability detection method based on pattern matching. First, the source code under test is parsed and transformed into an intermediate representation, which is stored in a user-defined data structure. Then, vulnerabilities are described in a safety rule language, and the safety rules are parsed and converted into corresponding automaton models that can be stored in memory. Finally, the intermediate representation of the source code is pattern-matched against the safety rules, which drives the automaton state transitions, and a report based on the automaton states is submitted to the user. The experimental results show that this method has a low missed-report (false negative) rate and good extensibility.

Key words: Safety regulations, Pattern matching, Vulnerability detection, Static analysis
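
The pipeline the abstract describes (source code to intermediate representation, safety rule to automaton, matching that drives state transitions, report from the resulting states), as an added example that is not the paper's implementation. The regex front end, the event names and the memory-safety rule are assumptions chosen for illustration, since the abstract does not give the paper's rule language or data structures.

```python
import re

# Constructed C-like input; a real tool would use a full parser front end.
SAMPLE = """\
p = malloc(16);
q = malloc(8);
free(p);
use(p);
free(q);
free(q);
"""

# Assumed safety rule, written directly as an automaton:
# (state, event) -> next state; reaching a state in ERRORS is reported.
RULE = {
    ("start", "alloc"): "allocated",
    ("allocated", "free"): "freed",
    ("freed", "alloc"): "allocated",
    ("freed", "use"): "use_after_free",
    ("freed", "free"): "double_free",
}
ERRORS = {"use_after_free", "double_free"}

PATTERNS = [  # statement shape -> IR event name (first match wins)
    (re.compile(r"^\s*(\w+)\s*=\s*malloc\("), "alloc"),
    (re.compile(r"^\s*free\(\s*(\w+)\s*\)"), "free"),
    (re.compile(r"^\s*\w+\(\s*(\w+)\s*\)"), "use"),
]

def to_ir(source):
    """Reduce source text to an intermediate form: (line, event, variable)."""
    ir = []
    for lineno, text in enumerate(source.splitlines(), 1):
        for pattern, event in PATTERNS:
            m = pattern.match(text)
            if m:
                ir.append((lineno, event, m.group(1)))
                break
    return ir

def check(ir, rule=RULE, errors=ERRORS):
    """Run one automaton instance per variable; return (line, var, error)."""
    state, findings = {}, []
    for lineno, event, var in ir:
        current = state.get(var, "start")
        nxt = rule.get((current, event), current)  # unmatched events keep state
        if nxt in errors:
            findings.append((lineno, var, nxt))
            nxt = current  # report, then keep tracking from the prior state
        state[var] = nxt
    return findings
```

Adding a new check in this sketch means adding transitions to `RULE` and patterns to `PATTERNS`, without touching `check`.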

