Open Access
ARTICLE
A Security Sensitive Function Mining Approach Based on Precondition Pattern Analysis
1 State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou, 450001, China.
2 Henan University of Animal Husbandry & Economy, Zhengzhou, 450046, China.
3 University of Michigan Transportation Research Institute, Michigan, 48109-2150, USA.
4 Zhengzhou University, Zhengzhou, 450001, China.
* Corresponding Author: Zhongxu Yin.
Computers, Materials & Continua 2020, 63(2), 1013-1029. https://doi.org/10.32604/cmc.2020.09345
Received 05 December 2019; Accepted 18 December 2019; Issue published 01 May 2020
Abstract
Security-sensitive functions are the basis for building a taint-style vulnerability model. Current approaches for extracting security-sensitive functions either do not analyze data flow accurately or do not conduct pattern analysis of conditions, which results in a higher false positive rate or false negative rate and increases the manual confirmation workload. In this paper, we propose a security-sensitive function mining approach based on precondition pattern analysis. First, we propose an enhanced system dependency graph analysis algorithm that precisely extracts the conditional statements which check function parameters, and we conduct statistical analysis of these conditional statements to select candidate security-sensitive functions of the target program. Then we adopt a precondition pattern mining method based on normalizing and clustering conditional statements. Functions with fixed precondition patterns are regarded as security-sensitive functions. The experimental results on four popular open source codebases of different scales show that the proposed approach is effective in reducing the false positive rate and false negative rate for detecting security-sensitive functions.
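The second stage described in the abstract (normalize the guard conditions, group them, keep functions with a fixed pattern) can be illustrated with the following added example, which is not code from the paper. It assumes the guards have already been extracted per call site, uses exact-match grouping in place of the paper's clustering, and its normalization rules, the 0.7 support threshold, and the `free_item` and `log_msg` functions are hypothetical.

```python
import re
from collections import Counter, defaultdict

# Constructed input: (callee, checked argument, guard condition), one tuple per
# call site. None = no condition on that argument was found before the call.
CALL_SITES = [
    ("memcpy", "len", "len > sizeof(buf)"),
    ("memcpy", "n", "n > BUF_MAX"),
    ("memcpy", "count", "count >= 1024"),
    ("memcpy", "sz", None),
    ("free_item", "p", "p != NULL"),
    ("free_item", "item", "!item"),
    ("free_item", "q", "q == NULL"),
    ("log_msg", "level", "level == 3"),
    ("log_msg", "verbose", "verbose"),
    ("log_msg", "lvl", None),
    ("log_msg", "mode", None),
]

CONST = r"sizeof\([^)]*\)|\b\d+\b|\b(?!ARG\b|NULL\b)[A-Z_][A-Z0-9_]*\b"

def normalize(cond, arg):
    """Reduce a guard to a pattern independent of local names and constants."""
    c = re.sub(rf"\b{re.escape(arg)}\b", "ARG", cond)
    c = re.sub(r"^!\s*ARG$", "ARG == NULL", c)   # !p is a NULL test
    c = re.sub(CONST, "CONST", c)                # literals, sizeof, macros
    # Assumption: a check and its negation / non-strict form guard the same property.
    c = c.replace(">=", ">").replace("<=", "<").replace("!=", "==")
    return re.sub(r"\s+", " ", c).strip()

def mine(call_sites, min_support=0.7):
    """Return {function: (dominant pattern, support)} for fixed-pattern functions."""
    patterns = defaultdict(list)
    for func, arg, cond in call_sites:
        patterns[func].append(normalize(cond, arg) if cond else None)
    sensitive = {}
    for func, pats in patterns.items():
        counts = Counter(p for p in pats if p)
        if not counts:
            continue
        pattern, hits = counts.most_common(1)[0]
        support = hits / len(pats)               # unguarded sites count against it
        if support >= min_support:
            sensitive[func] = (pattern, round(support, 2))
    return sensitive

if __name__ == "__main__":
    for func, (pattern, support) in mine(CALL_SITES).items():
        print(f"{func}: {pattern} (support {support})")
```

On the constructed data, `log_msg` is rejected because its guards share no dominant pattern, while the two functions whose arguments are checked the same way at most call sites are kept.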
This work is licensed under a Creative Commons Attribution 4.0 International License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.