Auditing buffer overflow vulnerabilities using hybrid static–dynamic analysis

Auditing buffer overflow vulnerabilities using hybrid static–dynamic analysis

For access to this article, please select a purchase option:

Buy article PDF
(plus tax if applicable)
Buy Knowledge Pack
10 articles for $120.00
(plus taxes if applicable)

IET members benefit from discounts to all IET publications and free access to E&T Magazine. If you are an IET member, log in to your account and the discounts will automatically be applied.

Learn more about IET membership 

Recommend Title Publication to library

You must fill out fields marked with: *

Librarian details
Your details
Why are you recommending this title?
Select reason:
IET Software — Recommend this title to your library

Thank you

Your recommendation has been sent to your librarian.

Buffer overflow (BOF) vulnerabilities when present in code can be exploited to violate security objectives such as availability, confidentiality and integrity. They make up substantial portion of input manipulation attacks due to their common presence and ease of exploitation. In this study, the authors propose a hybrid approach combining static and dynamic program analysis with machine learning to audit BOFs. Simple rules to generate test data is proposed to confirm some of the vulnerabilities through dynamic analysis. Confirmed cases can be fixed by developers without further verification. Statements whose vulnerability is not confirmed by dynamic analysis are predicted by mining static code attributes. In the authors’ evaluation using standard benchmarks, their best classifier achieved a recall over 93% and accuracy >94%. Dynamic analysis itself confirmed 34% of known vulnerabilities along with reporting six new bugs, thereby reducing by third, otherwise needed manual auditing effort.

Related content

This is a required field
Please enter a valid email address