Research Article
ISA: A Source Code Static Vulnerability Detection System Based on Data Fusion
@INPROCEEDINGS{10.4108/infoscale.2007.910, author={Deguang Kong and Quan Zheng and Chao Chen and Jianmei Shuai and Ming Zhu}, title={ISA: A Source Code Static Vulnerability Detection System Based on Data Fusion}, proceedings={2nd International ICST Conference on Scalable Information Systems}, proceedings_a={INFOSCALE}, year={2010}, month={5}, keywords={Static analysis Vulnerability Data fusion.}, doi={10.4108/infoscale.2007.910} }- Deguang Kong
Quan Zheng
Chao Chen
Jianmei Shuai
Ming Zhu
Year: 2010
ISA: A Source Code Static Vulnerability Detection System Based on Data Fusion
INFOSCALE
ICST
DOI: 10.4108/infoscale.2007.910
Abstract
Static analysis is a kind of effective method to detect the vulnerabilities in the software. Without running the programs, static analysis tools can be used to automatically discover unknown bugs. To cope with the problem of high false positives and false negatives in source code static analysis methods, this paper presents a source code static analysis technology for vulnerability detection based on data fusion. By parsing and making data fusion on the outcome of different static analysis methods, this technology lets different results validate each other, which greatly decreases the false positives and false negatives. Brief explanations are given to support this method. A prototype system of scalable source code analysis system (ISA for short) is designed and implemented which also can automatically search for the best result based on feedback of the user interaction. The whole system is scalable and platform-independent. It is proved by experiment that this method has a better performance with lower false positives and false negatives and higher efficiency compared with one single method.
