A Buffer Overflow Prediction Approach Based on Software Metrics and Machine Learning
Buffer overflow vulnerability is the most common and serious type of vulnerability in software today, as network security issues have become increasingly critical. To alleviate the security threat, many vulnerability mining methods based on static and dynamic analysis have been developed. However, t...
| Published in: | Security and communication networks Vol. 2019; Issue 2019; pp. 1 - 13 |
|---|---|
| Main authors: | , , , , |
| Format: | Journal Article |
| Language: | English |
| Published: | Cairo, Egypt; Hindawi Publishing Corporation; 01.01.2019; Hindawi; John Wiley & Sons, Inc |
| Subjects: | |
| ISSN: | 1939-0114, 1939-0122 |
| Online access: | Full text |
| Abstract | Buffer overflow vulnerability is the most common and serious type of vulnerability in software today, as network security issues have become increasingly critical. To alleviate the security threat, many vulnerability mining methods based on static and dynamic analysis have been developed. However, the current analysis methods have problems regarding high computational time, low test efficiency, low accuracy, and low versatility. This paper proposed a software buffer overflow vulnerability prediction method by using software metrics and a decision tree algorithm. First, the software metrics were extracted from the software source code, and data from the dynamic data stream at the functional level was extracted by a data mining method. Second, a model based on a decision tree algorithm was constructed to measure multiple types of buffer overflow vulnerabilities at the functional level. Finally, the experimental results showed that our method ran in less time than SVM, Bayes, adaboost, and random forest algorithms and achieved 82.53% and 87.51% accuracy in two different data sets. The method presented in this paper achieved the effect of accurately predicting software buffer overflow vulnerabilities in C/C++ and Java programs. |
|---|---|
| Author | Wei, Zhiyao; Liu, Qian; Huaizhi, Yan; Zheng, Zhangqi; Ren, Jiadong |
| Author_xml | – sequence: 1 fullname: Wei, Zhiyao – sequence: 2 fullname: Liu, Qian – sequence: 3 fullname: Zheng, Zhangqi – sequence: 4 fullname: Ren, Jiadong – sequence: 5 fullname: Huaizhi, Yan |
| CitedBy_id | crossref_primary_10_3390_fi15050185 crossref_primary_10_1109_ACCESS_2020_3041181 crossref_primary_10_1088_1742_6596_1549_2_022064 crossref_primary_10_1016_j_jss_2023_111934 crossref_primary_10_1038_s41598_024_56871_z crossref_primary_10_1016_j_cose_2023_103247 |
| Cites_doi | 10.1016/j.compeleceng.2018.02.043 10.1016/j.sysarc.2010.06.003 10.1134/S0361768817050024 10.1109/TPAMI.2005.159 10.1109/TR.2013.2257052 |
| ContentType | Journal Article |
| Copyright | Copyright © 2019 Jiadong Ren et al. Copyright © 2019 Jiadong Ren et al. This is an open access article distributed under the Creative Commons Attribution License (the “License”), which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited. Notwithstanding the ProQuest Terms and Conditions, you may use this content in accordance with the terms of the License. https://creativecommons.org/licenses/by/4.0 |
| Copyright_xml | – notice: Copyright © 2019 Jiadong Ren et al. – notice: Copyright © 2019 Jiadong Ren et al. This is an open access article distributed under the Creative Commons Attribution License (the “License”), which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited. Notwithstanding the ProQuest Terms and Conditions, you may use this content in accordance with the terms of the License. https://creativecommons.org/licenses/by/4.0 |
| DOI | 10.1155/2019/8391425 |
| DatabaseName | الدوريات العلمية والإحصائية - e-Marefa Academic and Statistical Periodicals معرفة - المحتوى العربي الأكاديمي المتكامل - e-Marefa Academic Complete Hindawi Publishing Complete Hindawi Publishing Subscription Journals Hindawi Publishing Open Access CrossRef Computer and Information Systems Abstracts Electronics & Communications Abstracts Technology Research Database ProQuest Computer Science Collection Advanced Technologies Database with Aerospace Computer and Information Systems Abstracts Academic Computer and Information Systems Abstracts Professional |
| DatabaseTitle | CrossRef Technology Research Database Computer and Information Systems Abstracts – Academic Electronics & Communications Abstracts ProQuest Computer Science Collection Computer and Information Systems Abstracts Advanced Technologies Database with Aerospace Computer and Information Systems Abstracts Professional |
| DatabaseTitleList | Technology Research Database CrossRef |
| Database_xml | – sequence: 1 dbid: RHX name: Hindawi Publishing Open Access url: http://www.hindawi.com/journals/ sourceTypes: Publisher |
| DeliveryMethod | fulltext_linktorsrc |
| Discipline | Engineering |
| EISSN | 1939-0122 |
| Editor | Chen, Jiageng |
| Editor_xml | – sequence: 1 givenname: Jiageng surname: Chen fullname: Chen, Jiageng |
| EndPage | 13 |
| ExternalDocumentID | 10_1155_2019_8391425 1210606 |
| GrantInformation_xml | – fundername: National Key R&D Program of China grantid: 2016YFB0800700 – fundername: National Natural Science Foundation of China grantid: 61802332; 61807028; 61772449; 61772451; 61572420; 61472341 – fundername: Natural Science Foundation of Hebei Province grantid: F2016203330 |
| ISICitedReferencesCount | 10 |
| ISSN | 1939-0114 |
| IsDoiOpenAccess | true |
| IsOpenAccess | true |
| IsPeerReviewed | true |
| IsScholarly | true |
| Issue | 2019 |
| Language | English |
| License | This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited. http://creativecommons.org/licenses/by/4.0 |
| ORCID | 0000-0001-9085-4277 |
| OpenAccessLink | https://dx.doi.org/10.1155/2019/8391425 |
| PageCount | 13 |
| PublicationCentury | 2000 |
| PublicationDate | 2019-01-01 |
| PublicationDateYYYYMMDD | 2019-01-01 |
| PublicationDate_xml | – month: 01 year: 2019 text: 2019-01-01 day: 01 |
| PublicationDecade | 2010 |
| PublicationPlace | Cairo, Egypt |
| PublicationPlace_xml | – name: Cairo, Egypt – name: London |
| PublicationTitle | Security and communication networks |
| PublicationYear | 2019 |
| Publisher | Hindawi Publishing Corporation; Hindawi; John Wiley & Sons, Inc |
| Publisher_xml | – name: Hindawi Publishing Corporation – name: Hindawi – name: John Wiley & Sons, Inc |
| Snippet | Buffer overflow vulnerability is the most common and serious type of vulnerability in software today, as network security issues have become increasingly... |
| SourceID | proquest crossref hindawi emarefa |
| SourceType | Aggregation Database Enrichment Source Index Database Publisher |
| StartPage | 1 |
| SubjectTerms | Accuracy; Algorithms; Buffers; Computing time; Data mining; Data transmission; Decision trees; Embedded systems; Experiments; Machine learning; Overflow; Research methodology; Security; Software; Software reliability; Source code; Support vector machines |
| Title | A Buffer Overflow Prediction Approach Based on Software Metrics and Machine Learning |
| URI | https://search.emarefa.net/detail/BIM-1210606 https://dx.doi.org/10.1155/2019/8391425 https://www.proquest.com/docview/2455786589 |
| Volume | 2019 |