Thu 5 Nov 2020 16:20 - 16:40 at Virtual room 1 - Defect

Vulnerability detection is an important challenge in the security community. Many different techniques have been proposed, ranging from symbolic execution to fuzzing, to help identify vulnerabilities. Even though there has been considerable improvement in these approaches, they perform poorly on large-scale code bases. There has also been an alternative approach, in which metrics are calculated on the overall code structure in the hope of identifying code segments more prone to vulnerabilities. The logic has been that more complex code will be more likely to contain vulnerabilities.

In this paper, we conduct an empirical study with a large dataset of vulnerable code to discuss whether we can change the way we measure metrics to improve vulnerability characterization. More specifically, we introduce vulnerable slices as vulnerable code units on which to measure software metrics, and then use these newly measured metrics to classify vulnerable code. The results show that vulnerable slices significantly increase the accuracy of vulnerability characterization. Further, we utilized vulnerable slices to analyze the distribution of known vulnerabilities, particularly to observe how size and complexity change in real-world vulnerabilities when vulnerable slices are used.

Thu 5 Nov
Times are displayed in time zone: (UTC) Coordinated Universal Time

16:00 - 16:40: Defect, PROMISE 2020, at Virtual room 1
16:00 - 16:20
Software Defect Prediction using Tree-Based Ensembles
Hamoud Aljamaan (King Fahd University of Petroleum and Minerals), Amal Alazba (King Saud University)
16:20 - 16:40
Improving Real-World Vulnerability Characterization with Vulnerable Slices
Solmaz Salimi (Sharif University of Technology), Maryam Ebrahimzadeh (Sharif University of Technology), Mehdi Kharrazi (Sharif University of Technology)