Open Access
ARTICLE
A Security Sensitive Function Mining Approach Based on Precondition Pattern Analysis
Zhongxu Yin1, *, Yiran Song2, Huiqin Chen3, Yan Cao4
1 State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou, 450001, China.
2 Henan University of Animal Husbandry & Economy, Zhengzhou, 450046, China.
3 University of Michigan Transportation Research Institute, Michigan, 48109-2150, USA.
4 Zhengzhou University, Zhengzhou, 450001, China.
* Corresponding Author: Zhongxu Yin. Email: .
Computers, Materials & Continua 2020, 63(2), 1013-1029. https://doi.org/10.32604/cmc.2020.09345
Received 05 December 2019; Accepted 18 December 2019; Issue published 01 May 2020
Abstract
Security-sensitive functions are the basis for building a taint-style vulnerability model. Current approaches for extracting security-sensitive functions either do not analyze data flow accurately or do not conduct pattern analysis of conditions, resulting in a higher false positive rate or false negative rate, which increases the manual confirmation workload. In this paper, we propose a security-sensitive function mining approach based on precondition pattern analysis. First, we propose an enhanced system dependency graph analysis algorithm for precisely extracting the conditional statements that check function parameters and for conducting statistical analysis of those conditional statements to select candidate security-sensitive functions of the target program. Then we adopt a precondition pattern mining method based on normalizing and clustering conditional statements. Functions with fixed precondition patterns are regarded as security-sensitive functions. Experimental results on four popular open source codebases of different scales show that the proposed approach is effective in reducing the false positive rate and false negative rate for detecting security-sensitive functions.
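A simplified sketch of the precondition-pattern idea described in the abstract, added here as an example and not the authors' implementation. The hand-written call-site records stand in for the dependency-graph extraction, and the `normalize` and `mine` functions, the `ARGi` placeholder scheme and the support threshold are all assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample: (callee, argument names at the call site, conditions
# guarding the call). A real analysis would obtain these by slicing a
# dependency graph; here they are written by hand.
CALL_SITES = [
    ("memcpy", ["dst", "src", "n"], ["n <= sizeof(buf)"]),
    ("memcpy", ["out", "in", "len"], ["len <= sizeof(tmp)"]),
    ("memcpy", ["p", "q", "sz"], ["sz <= sizeof(hdr)", "verbose"]),
    ("memcpy", ["a", "b", "k"], []),
    ("log_msg", ["msg"], ["verbose"]),
    ("log_msg", ["text"], []),
    ("log_msg", ["s"], ["s != NULL"]),
    ("log_msg", ["m"], []),
]

def normalize(cond, args):
    """Rewrite a condition so equivalent checks at different sites compare equal."""
    if not any(re.search(rf"\b{re.escape(a)}\b", cond) for a in args):
        return None  # the condition does not check any parameter of the call
    for i, a in enumerate(args):
        cond = re.sub(rf"\b{re.escape(a)}\b", f"ARG{i}", cond)
    cond = re.sub(r"sizeof\([^)]*\)", "sizeof(BUF)", cond)  # abstract the buffer name
    return re.sub(r"\s+", " ", cond).strip()

def mine(call_sites, min_support=0.7, min_sites=3):
    """Return {function: (pattern, support)} for functions with a stable precondition."""
    patterns, totals = defaultdict(Counter), Counter()
    for callee, args, conds in call_sites:
        totals[callee] += 1
        seen = {normalize(c, args) for c in conds} - {None}
        patterns[callee].update(seen)  # count each pattern once per call site
    result = {}
    for callee, counts in patterns.items():
        if totals[callee] < min_sites or not counts:
            continue  # too few call sites, or no parameter checks at all
        pattern, hits = counts.most_common(1)[0]
        support = hits / totals[callee]
        if support >= min_support:
            result[callee] = (pattern, support)
    return result

if __name__ == "__main__":
    for fn, (pat, sup) in mine(CALL_SITES).items():
        print(f"{fn}: {pat} (support {sup:.2f})")
```

On the constructed data, `memcpy` is reported because three of its four call sites share one normalized length check, while `log_msg` is not because its guards either ignore the parameter or appear at only one site.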
Cite This Article
Z. Yin, Y. Song, H. Chen and Y. Cao, "A security sensitive function mining approach based on precondition pattern analysis," Computers, Materials & Continua, vol. 63, no. 2, pp. 1013–1029, 2020. https://doi.org/10.32604/cmc.2020.09345