% previous.tex
\section{Previous Research}
\label{section:previous}
Detecting vulnerabilities in software has long been studied, and diverse methods have been introduced, such as static and dynamic analysis, formal verification, and a variety of bug detection methods.
In this section I introduce three typical types of previous research, static analysis, dynamic analysis, and metric-based vulnerability detection,
and motivate the need for a new means of vulnerability detection by showing their limitations.
\subsection{Static Analysis}
Static analysis is a way of analysing software without running the software itself.
This includes symbolic execution, such as KLEE \cite{cadar2008klee}, which determines which inputs lead to a certain part of the program by using symbolic values for variables.
It can detect a vulnerability together with a specific attack vector and clearly show how that input exploits the program.
However, symbolic execution has a limitation known as path explosion, which makes applying it to large software practically infeasible.
Other methods of static analysis include formal verification, which proves that a program meets a specification expressed in mathematical form.
Although it has been applied to recent software \cite{rustbelt}, formal verification has the difficulty of expressing program specifications mathematically and proving them, neither of which can be done in an automated way.
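As an added illustration (not part of the thesis and not KLEE's code), the following toy symbolic executor shows the two properties stated above: forking at every branch produces a concrete input that reaches a chosen program point, and independent branches multiply the number of feasible paths. The tiny statement IR, the programs \texttt{CHECK\_PROGRAM} and \texttt{chain\_program}, and the input domain 0..7 are all constructed here; brute-force search over that domain stands in for the SMT solver that a real symbolic executor would query.

```python
"""Toy symbolic executor (constructed illustration, not KLEE).

Like a real symbolic executor it forks at every branch and asks a solver whether
the accumulated path condition is satisfiable; here brute force over a tiny input
domain plays the solver.  Tiny IR (a block is a list of statements):
  ("assign", var, fn)                        var = fn(env)
  ("branch", label, cond, then_b, else_b)    fork on cond(env)
  ("reach", label)                           record that this point was reached
"""
from itertools import product
from typing import Dict, List, Optional, Tuple

Env = Dict[str, int]
Decision = Tuple[str, bool]        # (branch label, condition was true)
DOMAIN = range(8)                  # constructed: every symbolic input is in 0..7


def execute(block: list, env: Env, decisions: List[Decision], reached: List[str]) -> None:
    """Run a block concretely, recording branch decisions and reached labels."""
    for stmt in block:
        if stmt[0] == "assign":
            _, var, fn = stmt
            env[var] = fn(env)
        elif stmt[0] == "branch":
            _, label, cond, then_b, else_b = stmt
            taken = bool(cond(env))
            decisions.append((label, taken))
            execute(then_b if taken else else_b, env, decisions, reached)
        elif stmt[0] == "reach":
            reached.append(stmt[1])


def solve(program: list, inputs: List[str],
          prefix: List[Decision]) -> Optional[Tuple[Env, List[Decision], List[str]]]:
    """Solver stand-in: find an input whose execution follows `prefix`.

    Returns (witness, decisions, reached), or None when no input in DOMAIN
    satisfies the path condition (the path is infeasible).
    """
    for values in product(DOMAIN, repeat=len(inputs)):
        env: Env = dict(zip(inputs, values))
        decisions: List[Decision] = []
        reached: List[str] = []
        execute(program, env, decisions, reached)
        if decisions[: len(prefix)] == prefix:
            return dict(zip(inputs, values)), decisions, reached
    return None


def explore(program: list, inputs: List[str]):
    """Enumerate all feasible complete paths.

    Each worklist entry is a path prefix; one solver query decides whether it is
    feasible, and a feasible but incomplete prefix is forked into the true and
    false outcome of its next branch.  Returns (paths, solver_queries), where a
    path is (decisions, witness input, reached labels).
    """
    worklist: List[List[Decision]] = [[]]
    paths = []
    queries = 0
    while worklist:
        prefix = worklist.pop()
        queries += 1
        result = solve(program, inputs, prefix)
        if result is None:
            continue                      # infeasible path condition: pruned
        witness, decisions, reached = result
        if len(decisions) == len(prefix):
            paths.append((prefix, witness, reached))   # no further branch
        else:
            label, _ = decisions[len(prefix)]
            worklist.append(prefix + [(label, True)])
            worklist.append(prefix + [(label, False)])
    return paths, queries


def witnesses_for(program: list, inputs: List[str], label: str) -> List[Env]:
    """Concrete inputs reaching `label`, one per feasible path through it."""
    paths, _ = explore(program, inputs)
    return [witness for _, witness, reached in paths if label in reached]


# Constructed program 1: a "bug" point guarded by two conditions, plus a guard
# (n > 20 with n = 2*a <= 14) that is never true and therefore gets pruned.
CHECK_PROGRAM = [
    ("assign", "n", lambda e: 2 * e["a"]),
    ("branch", "a>3", lambda e: e["a"] > 3, [
        ("branch", "n==12", lambda e: e["n"] == 12, [("reach", "bug")], []),
        ("branch", "n>20", lambda e: e["n"] > 20, [("reach", "dead")], []),
    ], []),
    ("branch", "b<2", lambda e: e["b"] < 2, [("reach", "small_b")], []),
]


def chain_program(n: int) -> list:
    """Constructed program 2: n independent branches, hence 2**n feasible paths."""
    return [("branch", f"x{i}>3", (lambda i: lambda e: e[f"x{i}"] > 3)(i), [], [])
            for i in range(n)]


def path_counts(max_n: int) -> List[int]:
    """Feasible path count of chain_program(n) for n = 1..max_n."""
    return [len(explore(chain_program(n), [f"x{i}" for i in range(n)])[0])
            for n in range(1, max_n + 1)]


if __name__ == "__main__":
    print("inputs reaching 'bug':", witnesses_for(CHECK_PROGRAM, ["a", "b"], "bug"))
    print("inputs reaching 'dead':", witnesses_for(CHECK_PROGRAM, ["a", "b"], "dead"))
    print("feasible paths for 1..4 branches:", path_counts(4))
```

Running the file prints the inputs that reach the \texttt{bug} label (a = 6, with either outcome of the unrelated branch on b), an empty list for the unreachable label, and a path count that doubles with every added branch. Since every feasible path costs at least one solver query, the work grows as $2^n$ in the number of independent branches, which is the path explosion referred to above.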
\subsection{Dynamic Analysis}
In contrast to static analysis, dynamic analysis executes the software under analysis and observes its behaviour.
Dynamic analysis can be used for memory error detection \cite{valgrind}, software testing guided by code coverage \cite{huang2015code},
or analysing program behaviour \cite{newsome2005dynamic, enck2014taintdroid}.
However, dynamic analysis requires a manual specification of what to detect, which makes automating it difficult.
Moreover, it cannot consider every possible attack vector.
\subsection{Metric-based Analysis}
Metric-based detection methods use code features such as lines of code (LoC) or function call dependencies to detect vulnerabilities.
Neuhaus et al. \cite{neuhaus2007predicting} designed a predictor that detects vulnerable components based on function calls.
Although metric-based detection can be executed fast, it lacks detection granularity and accuracy.
Other recent research includes detecting buffer overruns from source code using neural memory networks \cite{choi2017end}; however, that approach cannot be extended to general types of vulnerabilities.
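As an added illustration of the metric-based approach (not the thesis's own code, nor the predictor of Neuhaus et al.), the following script extracts per-function lines of code and function-call dependency features from Python source with the standard \texttt{ast} module and flags whole functions from them. The sample module \texttt{SAMPLE\_SOURCE}, the \texttt{RISKY\_CALLEES} set and the LoC threshold are constructed placeholders standing in for what a real predictor would learn from past vulnerability data.

```python
"""Metric-based feature extraction (constructed illustration).

Per-function LoC and callee sets are computed from Python source; a placeholder
rule then flags functions.  Note the granularity: the output names a function,
not the line or the input that triggers a problem.
"""
import ast
from typing import Dict, List

# Constructed sample module to analyse (not real project code).
SAMPLE_SOURCE = '''
import os
import subprocess

def render(name):
    return "Hello, " + name

def run_job(cmd, workdir):
    os.chdir(workdir)
    proc = subprocess.Popen(cmd)
    proc.wait()
    log(cmd)
    return proc.returncode

def log(msg):
    print(msg)
'''

# Constructed placeholder for callees a trained predictor would have learned
# to associate with vulnerable components.
RISKY_CALLEES = {"os.system", "subprocess.Popen", "eval", "exec"}


def callee_name(node: ast.Call) -> str:
    """Dotted name of a call target, e.g. 'subprocess.Popen'; '' if not a plain name."""
    parts = []
    f = node.func
    while isinstance(f, ast.Attribute):
        parts.append(f.attr)
        f = f.value
    if isinstance(f, ast.Name):
        parts.append(f.id)
        return ".".join(reversed(parts))
    return ""


def extract_features(source: str) -> Dict[str, dict]:
    """Per-function metrics: LoC (first to last source line) and distinct callees."""
    tree = ast.parse(source)
    features: Dict[str, dict] = {}
    for fn in (n for n in ast.walk(tree) if isinstance(n, ast.FunctionDef)):
        callees = {callee_name(c) for c in ast.walk(fn) if isinstance(c, ast.Call)}
        callees.discard("")
        features[fn.name] = {
            "loc": fn.end_lineno - fn.lineno + 1,
            "fan_out": len(callees),
            "callees": callees,
        }
    return features


def predict_vulnerable(source: str, loc_threshold: int = 5) -> List[str]:
    """Flag every function whose metrics cross the placeholder thresholds."""
    flagged = []
    for name, f in extract_features(source).items():
        if f["loc"] >= loc_threshold or f["callees"] & RISKY_CALLEES:
            flagged.append(name)
    return flagged


if __name__ == "__main__":
    for name, f in extract_features(SAMPLE_SOURCE).items():
        print(f"{name}: loc={f['loc']} fan_out={f['fan_out']} callees={sorted(f['callees'])}")
    print("flagged:", predict_vulnerable(SAMPLE_SOURCE))
```

The extraction is cheap, a single pass over the syntax tree, which is why such methods run fast; but the result is only the name \texttt{run\_job}, with no indication of which statement is the problem or which input would reach it, which is the granularity limitation noted above.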