We present a method for vulnerability extrapolation to identify vulnerable functions in source code. Given a known vulnerable function, the proposed method extrapolates to find similar functions in the code base. Vulnerability extrapolation is based on the observation that given a starting vulnerability, similar behavior may be present in many other functions. In order to capture similarity, we represent functions in terms of syntactic and semantic patterns. These patterns are based on several code features like API usage pattern, argument types and control flow graph (CFG) of the functions. We employ a recent technique, called graph kernel to compute similarity directly on the CFGs of functions. We empirically demonstrate the capabilities of the proposed method by evaluating real-world applications to identify vulnerabilities.
CITATION STYLE
Jain, L., Chandran, A., Rawat, S., & Srinathan, K. (2016). Discovering vulnerable functions by extrapolation: A control-flow graph similarity based approach. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 10063 LNCS, pp. 532–542). Springer Verlag. https://doi.org/10.1007/978-3-319-49806-5_32
Mendeley helps you to discover research relevant for your work.