Predicting buffer overflow using semi-supervised learning

Title: Predicting buffer overflow using semi-supervised learning
Publication Type: Conference Paper
Year of Publication: 2016
Authors: Meng, Q., Shameng, Wen, Chao, Feng, Chaojing, Tang
Conference Name: 2016 9th International Congress on Image and Signal Processing, BioMedical Engineering and Informatics (CISP-BMEI)
Keywords: 22-dimension vector extraction, Antlr, Arrays, AST, buffer overflow, buffer overflow vulnerability prediction, Buffer overflows, Buffer storage, C/C++ source files, classifier training, Clustering algorithms, Complexity theory, compositionality, Human Behavior, human factors, Indexes, learning (artificial intelligence), machine learning, Metrics, pattern classification, pubcrawl, Resiliency, security of data, semi-supervised learning, Semisupervised learning, software security, Taxonomy, vulnerability detection

As everyone knows, vulnerability detection is very difficult and time-consuming work, so taking sufficient advantage of the unlabeled data is needed and helpful. According to the above reality, in this paper a method is proposed to predict buffer overflow based on semi-supervised learning. We first employ Antlr to extract the AST from C/C++ source files; then, according to the 22 buffer overflow attribute taxonomies, a 22-dimension vector is extracted from every function in the AST; at last, the vector is leveraged to train a classifier to predict buffer overflow vulnerabilities. The experiment and evaluation indicate our method is correct and efficient.

Citation Key: meng_predicting_2016