Title :
Buffer Overflow Vulnerability Prediction from x86 Executables Using Static Analysis and Machine Learning
Author :
Bindu Madhavi Padmanabhuni;Hee Beng Kuan Tan
Author_Institution :
Sch. of Electr. &
fDate :
7/1/2015 12:00:00 AM
Abstract :
Mining static code attributes for predicting software vulnerabilities has received some attention recently. There are a number of approaches for detecting vulnerabilities from source code, but commercial off-the-shelf components are, in general, distributed in binary form. Before using such third-party components, it is imperative to check for the presence of vulnerabilities. In this study, we investigate the use of static analysis and machine learning for predicting buffer overflow vulnerabilities from binaries. To mitigate buffer overflows, developers typically perform size checks and input validation. We propose static code attributes characterizing buffer usage and the defense mechanisms implemented in the code for preventing buffer overflows. The proposed approach starts by identifying potentially vulnerable statement constructs during binary program analysis and extracts static code attributes for each of them, as per the proposed characterization scheme, to capture buffer usage patterns and the defensive mechanisms employed in the code. Data mining methods are then used on these collected code attributes for predicting buffer overflows. Our experimental evaluation on standard buffer overflow benchmark binaries shows that the proposed static code attributes are effective in predicting buffer overflow vulnerabilities.
Keywords :
"Buffer overflows","Libraries","Filling","Software","Containers","Semantics","Registers"
Conference_Title :
Computer Software and Applications Conference (COMPSAC), 2015 IEEE 39th Annual
Electronic_ISBN :
0730-3157
DOI :
10.1109/COMPSAC.2015.78