SinkFinder: Harvesting Hundreds of Unknown Interesting Function Pairs with Just One Seed
Knowledge of security-sensitive functions that can potentially result in bugs is valuable for detecting those bugs. However, identifying functions of this kind is not a trivial task. Introducing machine learning-based techniques for the task is a natural choice. Unfortunately, that approach also requires considerable prior knowledge, e.g., sufficient labelled training samples. In practice, this requirement is often hard to meet.
In this paper, to solve the problem, we propose a novel and practical method called SinkFinder to automatically discover function pairs that we are interested in, which only requires very limited prior knowledge. SinkFinder first takes just one pair of well-known interesting functions as the initial seed to infer enough positive and negative training samples by means of sub-word word embedding. By using these samples, a support vector machine classifier is trained to identify more interesting function pairs. Finally, checkers equipped with the obtained knowledge can be easily developed to detect bugs in target systems. The experiments demonstrate that SinkFinder can successfully discover hundreds of interesting functions and detect dozens of previously unknown bugs from large-scale systems, such as Linux, OpenSSL and PostgreSQL.
Tue 10 Nov (displayed time zone: UTC, Coordinated Universal Time)
08:30 - 09:00
|An Evaluation of Methods to Port Legacy Code to SGX Enclaves|
Kripa Shanker (Indian Institute of Science, Bangalore), Arun Joseph (Indian Institute of Science, India), Vinod Ganapathy (Indian Institute of Science, India)
|How Does Refactoring Impact Security When Improving Quality? A Security-Aware Refactoring Approach|
|Improving Cybersecurity Hygiene through JIT Patching|
|Search-Based Adversarial Testing and Improvement of Constrained Credit Scoring Systems|
Salah Ghamizi (University of Luxembourg, Luxembourg), Maxime Cordy (University of Luxembourg, Luxembourg), Martin Gubri (University of Luxembourg, Luxembourg), Mike Papadakis (University of Luxembourg, Luxembourg), Andrey Boystov (University of Luxembourg, Luxembourg), Yves Le Traon (University of Luxembourg, Luxembourg), Anne Goujon (BGL BNP Paribas, Luxembourg)
|SinkFinder: Harvesting Hundreds of Unknown Interesting Function Pairs with Just One Seed|
Pan Bian (Renmin University of China, China), Bin Liang (Renmin University of China, China), Jianjun Huang (Renmin University of China, China), Wenchang Shi (Renmin University of China, China), Xidong Wang (Renmin University of China, China), Jian Zhang (Institute of Software at Chinese Academy of Sciences, China)
|Taking the Middle Path: Learning About Security Through Online Social Interaction|
|Conversations on Security|
Frederico Araujo (IBM T.J. Watson Research Center, New York, USA), Kripa Shanker (Indian Institute of Science, Bangalore), Pan Bian (Renmin University of China, China), Salah Ghamizi (SntT - University of Luxembourg), Tamara Lopez (The Open University), Chaima Abid (University of Michigan), M: Ben Hermann (Technical University Dortmund)