ISA: A source code static vulnerability detection system based on data fusion

8Citations
Citations of this article
23Readers
Mendeley users who have this article in their library.

Abstract

Static analysis is a kind of effective method to detect the vulnerabilities in the software. Without running the programs, static analysis tools can be used to automatically discover unknown bugs. To cope with the problem of high false positives and false negatives in source code static analysis methods, this paper presents a source code static analysis technology for vulnerability detection based on data fusion. By parsing and making data fusion on the outcome of different static analysis methods, this technology lets different results validate each other, which greatly decreases the false positives and false negatives. Brief explanations are given to support this method. A prototype system of scalable source code analysis system (ISA for short) is designed and implemented which also can automatically search for the best result based on feedback of the user interaction. The whole system is scalable and platform-independent. It is proved by experiment that this method has a better performance with lower false positives and false negatives and higher efficiency compared with one single method.

Cite

CITATION STYLE

APA

Kong, D., Zheng, Q., Chen, C., Shuai, J., & Zhu, M. (2007). ISA: A source code static vulnerability detection system based on data fusion. In ACM International Conference Proceeding Series (Vol. 06-08-June-2007). Association for Computing Machinery. https://doi.org/10.4108/infoscale.2007.910

Register to see more suggestions

Mendeley helps you to discover research relevant for your work.

Already have an account?

Save time finding and organizing research with Mendeley

Sign up for free