A Hybrid Approach to Detecting Security Defects in Programs

Authors:
Lian Yu;Jun Zhou;Yue Yi;Jianchu Fan;Qianxiang Wang
Affiliations:
-;-;-;-;-
Venue:
QSIC '09 Proceedings of the 2009 Ninth International Conference on Quality Software
Year:
2009

Citing 0
Cited 1

A systematic literature review of actionable alert identification techniques for automated static code analysis

Information and Software Technology

Quantified Score

Hi-index	0.00

Visualization

Abstract

Static analysis works well at checking defects that clearly map to source code constructs. Model checking can find defects of deadlocks and routing loops that are not easily detected by static analysis, but faces the problem of state explosion. This paper proposes a hybrid approach to detecting security defects in programs. Fuzzy Inference System is used to infer selection among the two detection approaches. A cluster algorithm is developed to divide a large system into several clusters in order to apply model checking. Ontology based static analysis employs logic reasoning to intelligently detect the defects. We also put forwards strategies to improve performance of the static analysis. At last, we perform experiments to evaluate the accuracy and performance of the hybrid approach.