Title :
Software vulnerability detection using genetic algorithm and dynamic taint analysis
Author :
Bo Shuai ; Mengjun Li ; Haifeng Li ; Quan Zhang ; Chaojing Tang
Author_Institution :
Sch. of Electron. Sci. & Eng., Nat. Univ. of Defense Technol., Changsha, China
Abstract :
In order to solve the problems of the traditional fuzzing technique for software vulnerability detection, this paper proposes a novel method based on a genetic algorithm and dynamic taint analysis. First, static analysis is applied to calculate the critical path information, including danger functions, high cyclomatic number functions and loop structures. Second, dynamic taint analysis is introduced to identify the key bytes to reduce the input space. Third, the genetic algorithm fitness function is constructed based on the critical path information to guide the test case generation and the genetic operators are executed on the reduced input space. Experiments show that the method could obtain higher vulnerability detection accuracy and efficiency.
Keywords :
genetic algorithms; program control structures; program diagnostics; program testing; security of data; critical path information; cyclomatic number functions; danger functions; dynamic taint analysis; fitness function; fuzzing technique; genetic algorithm; genetic operators; loop structures; software vulnerability detection; static analysis; test case generation; vulnerability detection accuracy; Digital audio players; Educational institutions; Genetic algorithms; Heuristic algorithms; Security; Software; Testing; critical path; dynamic taint analysis; genetic algorithm; key byte;
Conference_Title :
Consumer Electronics, Communications and Networks (CECNet), 2013 3rd International Conference on
Conference_Location :
Xianning
Print_ISBN :
978-1-4799-2859-0
DOI :
10.1109/CECNet.2013.6703400