This article presents a novel method for detecting copied code fragments (clones), which is then used to identify copies of code affected by known Common Vulnerabilities and Exposures (CVEs). The proposed method is versatile and applicable to both source and binary code. It overcomes the limitations of existing tools, which typically detect only whole-function clones and specialize in either source or binary code, but not both. The method outputs every clone it detects by comparing a given code fragment against a target project. To achieve high accuracy it employs program dependence graphs (PDGs), a data structure that unifies the data and control dependencies of a function. Experimental evaluations on real-world projects and benchmarks demonstrate the high precision of the proposed method. Furthermore, we successfully applied the method to detect clones of code with known CVEs in source code and uncovered vulnerabilities in actual software. The detected vulnerabilities were confirmed by the respective communities, validating the effectiveness of the proposed method.
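The abstract's core idea (compare a fragment's PDG against a target and report every matching subgraph, so that renamed copies are found) is shown below as an added illustration. This is not the paper's implementation: the three-address IR, the sample fragment and target, the most-recent-definition approximation of data dependence, and the brute-force subgraph matcher are all assumptions of this example.

```python
"""Fragment-level clone detection over a small program dependence graph (PDG).

Added illustrative example; not the paper's implementation. Input is a
constructed three-address IR:
    ("dst", "op", ["src", ...])                  plain statement
    ("if", ["cond_var", ...], [body statements]) guarded block
Operands starting with '#' are literal constants and create no dependence.
"""

DATA, CTRL = "data", "ctrl"


def build_pdg(stmts):
    """Flatten the statement list into PDG nodes and dependence edges.

    Returns (labels, edges): labels[i] is the operation of node i; edges is a
    set of (src, dst, kind). A data edge links the most recent earlier
    definition of an operand to its use (a straight-line approximation of
    reaching definitions); a control edge links an 'if' node to each
    statement in its body.
    """
    labels, edges, last_def = [], set(), {}

    def add_data_edges(idx, operands):
        for v in operands:
            if not v.startswith("#") and v in last_def:
                edges.add((last_def[v], idx, DATA))

    def visit(stmt, guard):
        idx = len(labels)
        if stmt[0] == "if":
            _, cond, body = stmt
            labels.append("if")
            add_data_edges(idx, cond)
            if guard is not None:
                edges.add((guard, idx, CTRL))
            for inner in body:
                visit(inner, idx)
        else:
            dst, op, operands = stmt
            labels.append(op)
            add_data_edges(idx, operands)
            if guard is not None:
                edges.add((guard, idx, CTRL))
            last_def[dst] = idx

    for s in stmts:
        visit(s, None)
    return labels, edges


def find_clones(fragment, target):
    """Return every place in `target` whose PDG contains the fragment's PDG.

    Each result is a tuple giving, for fragment node i, the matching target
    node. A match is an injective map that preserves operation labels and all
    fragment dependence edges (non-induced subgraph matching, so extra
    dependences in the target do not disqualify a candidate). Variable names
    are ignored, so renamed copies are found. Backtracking is exponential in
    the worst case but cheap for fragment-sized graphs.
    """
    f_labels, f_edges = build_pdg(fragment)
    t_labels, t_edges = build_pdg(target)
    matches = []

    def extend(mapping):
        i = len(mapping)
        if i == len(f_labels):
            matches.append(tuple(mapping))
            return
        for j, lab in enumerate(t_labels):
            if lab != f_labels[i] or j in mapping:
                continue
            cand = mapping + [j]
            # every fragment edge whose endpoints are already mapped must exist in the target
            if all((cand[u], cand[v], k) in t_edges
                   for (u, v, k) in f_edges if u <= i and v <= i):
                extend(cand)

    extend([])
    return sorted(matches)


# Constructed sample input: the fragment is "multiply, then add to the product".
FRAGMENT = [
    ("t", "mul", ["a", "b"]),
    ("r", "add", ["t", "#1"]),
]
TARGET = [
    ("x", "mul", ["p", "q"]),        # 0
    ("y", "add", ["x", "k"]),        # 1  renamed copy of the fragment
    ("z", "mul", ["p", "q"]),        # 2
    ("w", "add", ["k", "r"]),        # 3  same opcodes, but no data flow from node 2
    ("if", ["z"], [                  # 4
        ("s", "add", ["z", "y"]),    # 5  copy of the fragment inside a guarded block
    ]),
]

if __name__ == "__main__":
    print(find_clones(FRAGMENT, TARGET))  # [(0, 1), (2, 5)]
```

Node 3 has the same opcodes as the fragment but is not reported, because the add does not consume the product; node 5 is reported even though it carries extra data and control edges, which is what makes the matching fragment-level rather than whole-function. A real tool would need proper reaching-definition analysis and a smarter matcher than this backtracking search.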
Nowadays, in the Android ecosystem, to bypass current malware detection, adversaries often distribute malicious and sensitive functions across different apps. These apps collude to conduct malicious activities, su...
ISBN (print): 9781728146232
Software developers often copy and paste code within a project. Because the initial code fragment may contain defects, this can propagate defects across the project. Software changes between versions (patches) usually contain bug fixes, which can be used to detect similar defects elsewhere in the project. The purpose of this work is to develop a method for analyzing the nature of patches between versions of executables and finding unpatched code fragments. First, two versions of an executable are compared to find the common and changed parts of the code. Then, the method determines which patches are likely bug fixes. The final step is the detection of unpatched code fragments: it finds all clones of the buggy code fragments identified in the previous step that were not patched in the new version of the program. These fragments possibly contain defects. The developed tool can analyze programs for several architectures (x86, x86-64, ARM, MIPS, PowerPC). The experimental results show an average true positive rate of 73% on the CoreBench test suite.
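The three-step procedure in the abstract (diff two versions, keep the changes that look like bug fixes, search the new version for surviving copies of the pre-patch fragment) is shown below as an added illustration over constructed x86-64 disassembly. This is not the paper's tool: the instruction normalization (immediates only, registers left as-is), the "compare followed by a conditional jump" bug-fix heuristic, the one-instruction context around insertions, and the sample functions are all assumptions of this example.

```python
"""Patch-driven search for unpatched clones across two program versions.

Added illustrative example, not the paper's tool. Each version is a dict
mapping function name -> list of disassembled instructions (constructed
x86-64 text is used as sample input). Steps: (1) diff the versions function
by function, (2) keep the changes that look like bug fixes, (3) search the
new version for unchanged copies of the pre-patch fragment.
"""
import re
from difflib import SequenceMatcher

IMM_RE = re.compile(r"\b(?:0x[0-9a-f]+|\d+)\b")
COND_JUMP_RE = re.compile(r"^j[a-z]+$")
CONTEXT = 1  # instructions kept on each side of a change (non-empty fragment for pure insertions)


def normalize(insn):
    """Canonicalise one instruction: lower-case, single spaces, immediates -> IMM."""
    insn = " ".join(insn.lower().split())
    return IMM_RE.sub("IMM", insn)


def diff_versions(old, new):
    """Step 1: return (function, pre_patch_fragment, post_patch_fragment) per changed region."""
    changes = []
    for name in sorted(set(old) & set(new)):
        a = [normalize(i) for i in old[name]]
        b = [normalize(i) for i in new[name]]
        for tag, i1, i2, j1, j2 in SequenceMatcher(None, a, b).get_opcodes():
            if tag == "equal":
                continue
            lo, hi = max(0, i1 - CONTEXT), min(len(a), i2 + CONTEXT)
            changes.append((name, a[lo:hi], b[j1:j2]))
    return changes


def looks_like_bug_fix(new_fragment):
    """Step 2 heuristic (an assumption of this example, not the paper's criterion):
    a patch that introduces a comparison plus a conditional jump is treated as an
    added check, the typical shape of a missing-validation fix."""
    mnems = [i.split()[0] for i in new_fragment]
    return "cmp" in mnems and any(COND_JUMP_RE.match(m) and m != "jmp" for m in mnems)


def find_unpatched(old, new):
    """Step 3: report every copy of a buggy fragment that still exists in the new version."""
    findings = []
    for func, buggy, fix in diff_versions(old, new):
        if not buggy or not looks_like_bug_fix(fix):
            continue
        n = len(buggy)
        for name, insns in sorted(new.items()):
            b = [normalize(i) for i in insns]
            for off in range(len(b) - n + 1):
                if b[off:off + n] == buggy:
                    findings.append({"patched_in": func, "clone_in": name,
                                     "offset": off, "fragment": buggy})
    return findings


# Constructed sample: copy_a gained a length check; copy_b is an unpatched paste of the same code.
OLD = {
    "copy_a": ["mov rcx, [rdi+8]", "mov rdx, [rdi]", "call memcpy", "ret"],
    "copy_b": ["push rbx", "mov rcx, [rdi+8]", "mov rdx, [rdi]", "call memcpy", "pop rbx", "ret"],
    "helper": ["xor eax, eax", "ret"],
}
NEW = {
    "copy_a": ["mov rcx, [rdi+8]", "cmp rcx, 0x100", "ja 0x401234",
               "mov rdx, [rdi]", "call memcpy", "ret"],
    "copy_b": ["push rbx", "mov rcx, [rdi+8]", "mov rdx, [rdi]", "call memcpy", "pop rbx", "ret"],
    "helper": ["xor eax, eax", "ret"],
}

if __name__ == "__main__":
    for f in find_unpatched(OLD, NEW):
        print(f"{f['clone_in']}+{f['offset']}: unpatched copy of code fixed in "
              f"{f['patched_in']}: {f['fragment']}")
```

The exact-sequence search is the weak point of this sketch: a compiler may allocate different registers or reorder instructions in the pasted copy, which is why the paper's tool works on dependence structure rather than instruction text. Extending `normalize` to abstract register names is the first step a practitioner would take toward the multi-architecture setting the abstract describes.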