Abstract

Here in this paper the discovery of Vulnerabilities in the Source Codes is proposed. The Proposed Methodology applied is based on the Concept of Fuzzy Based Decision Tree. The Methodology adopted here for the Checking of Codes Vulnerabilities provides efficient discovery of Vulnerabilities and hence provides improved performance and high precision and Recall. The Proposed Methodology Audits the source code and searches the possible vulnerabilities on the basis of Rules generated Fuzzy Decision Tree. Various Experimental results are achieved on numerous datasets and shows that the proposed methodology provides better accuracy in comparison.

References

• Jun Cai, Jinquan Men, Automatic Software Vulnerability Detection Based on Guided Deep Fuzzing”, IEEE 2014.
• S. Heelan. Vulnerability detection systems: Think cyborg, not robot. IEEE Security & Privacy, 9(3):74–77, 2011.
• Hong-Zu Chou, I-Hui Lin, Ching-Sung Yang, Kai-Hui Chang, and SyYenKuo. Enhancing bug hunting using high-level symbolic simulation. In Proceedings of the 19th ACM Great Lakes symposium on VLSI, GLSVLSI ’09, pages 417–420, NewYork, NY, USA, 2009.
• Patrice Godefroid, Michael Y. Levin, and David Molnar. Sage: Whitebox fuzzing for security testing. Queue, 10(1):20:20–20:27, January 2012.
• Daniel Quinlan and Thomas Panas.Source code and binary analysis of software defects. In Proceedings of the 5th Annual Workshop on Cyber Security and Information Intelligence Research: Cyber Security and Information Intelligence Challenges and Strategies, CSIIRW ’09, pages 40:1–40:4, New York, NY, USA, 2009.
• Cadar, C., Dunbar, D., and Engler, D. R. Klee: Unassisted and automatic generation of high-coverage tests for complex systems programs. In Proc. of USENIX Symposium on Operating Systems Design and Implementation (OSDI), 2008.
• Li, Z., Lu, S., Myagmar, S., and Zhou, Y. (2006).Cp-miner: Finding copy-paste and related bugs in large-scale software code. IEEE Transactions on Software Engineering, 32:176-192
• Ferreira AL, Machado RJ, Paulk MC. Size and complexity attributes for multimodal improvement framework taxonomy. Software Engineering and Advanced Applications (SEAA), 2010 36th EUROMICRO Conference on.2010; 306–309. DOI: 10.1109/ICSEA.2009.80.
• M. Gegick, L. Williams, J. Osborne and M. Vouk, “Prioritizing software security fortification through code-level metrics”, In Proceedings of the 4th ACM workshop on Quality of protection, pages 31–38. ACM, (2008).
• K.-S. Joo and J.-W. Woo, “Development of object-oriented analysis and design methodology for secure web applications”, International Journal of Security and Its Applications, vol. 8, no. 1, (2014), pp. 71–80.
• Y. Shin, A. Meneely, L. Williams and J. Osborne, “Evaluating complexity, code churn, and developer activity metrics as indicators of software vulnerabilities”, IEEE Transactions on Software Engineering, vol. 37, no. 6, (2011), pp. 772–787.
• Wheeler, David A. and Rama S. Moorthy, “SOAR for Software Vulnerability Detection, test and Evaluation,” IDA paper P-5061, July 2014.
• I. Chowdhury and M. Zulkernine, “Using complexity, coupling, and cohesion metrics as early indicators of vulnerabilities”, Journal of Systems Architecture, vol. 57, no. 3, (2011), pp. 294–313.
• I. Medeiros, N. F. Neves and M. Correia, “Automatic detection and correction of web application vulnerabilities using data mining to predict false positives”, In Proceedings of the 23rd international conference on World wide web, ACM, (2014), pp. 63–74.
• Siviy J, Kirwan P, Marino L, Morley J. Maximizing your process improvement ROI through harmonization. 2008; Available from: http://www.sei.cmu.edu/library/assets/multimodelExecutive_wp_harmonizationROI_032008_v1.pdf [27 February 2009].