Predicting Buffer Overflow Vulnerabilities through Mining Light-Weight Static Code Attributes

Bindu Madhavi Padmanabhuni; Hee Beng Kuan Tan

doi:10.1109/ISSREW.2014.26

2014 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW)

Predicting Buffer Overflow Vulnerabilities through Mining Light-Weight Static Code Attributes

Year: 2014, Pages: 317-322

DOI Bookmark: 10.1109/ISSREW.2014.26

Authors

Bindu Madhavi Padmanabhuni, School of Electrical and Electronic Engineering, Nanyang Technological University, Singapore, Singapore
Hee Beng Kuan Tan, School of Electrical and Electronic Engineering, Nanyang Technological University, Singapore, Singapore

Abstract

Static code attributes are widely used in defect prediction studies as an abstraction model because they capture general properties of the program. To counter buffer overflow exploits, programmers use buffer size checking and input validation schemes. In this paper, we propose light-weight static code attributes that can be extracted easily, to characterize buffer overflow safety mechanisms and input validation checks implemented in the code for predicting buffer overflows. We then use data mining methods on the collected static code attributes to predict buffer overflows in application programs. In our experiments across five applications, our best classifier could achieve a recall of 95% and precision over 80% suggesting that our proposed static code attributes are effective indicators in predicting buffer overflows.

Like what you’re reading?

Already a member?

Get this article FREE with a new membership!

Auditing Buffer Overflow Vulnerabilities Using Hybrid Static-Dynamic Analysis
2014 IEEE 38th Annual Computer Software and Applications Conference (COMPSAC)
Light-Weight Rule-Based Test Case Generation for Detecting Buffer Overflow Vulnerabilities
2015 IEEE/ACM 10th International Workshop on Automation of Software Test (AST)
Protecting Global and Static Variables from Buffer Overflow Attacks
2009 International Conference on Availability, Reliability and Security
Buffer Overflow Vulnerability Prediction from x86 Executables Using Static Analysis and Machine Learning
2015 IEEE 39th Annual Computer Software and Applications Conference (COMPSAC)
Defeating Buffer Overflow: A Trivial but Dangerous Bug
IT Professional
Defending against Buffer-Overflow Vulnerabilities
Computer
BOFSanitizer: Efficient locator and detector for buffer overflow vulnerability
2021 IEEE 23rd Int Conf on High Performance Computing & Communications; 7th Int Conf on Data Science & Systems; 19th Int Conf on Smart City; 7th Int Conf on Dependability in Sensor, Cloud & Big Data Systems & Application (HPCC/DSS/SmartCity/DependSys)
Locating Buffer Overflow Vulnerabilities Based on Sensitive Functions
2022 International Conference on Computer Network, Electronic and Automation (ICCNEA)
Prevention Method for Stack Buffer Overflow Attack in TA Command Calls in OP-TEE
2023 Eleventh International Symposium on Computing and Networking Workshops (CANDARW)
Buffer Access Monitoring for Enhanced Buffer Overflow Detection in Fuzzing
2024 32nd International Conference on Modeling, Analysis and Simulation of Computer and Telecommunication Systems (MASCOTS)

Predicting Buffer Overflow Vulnerabilities through Mining Light-Weight Static Code Attributes

Authors

Abstract

Related Articles