Table of Content

Open AccessOpen Access


A Security Sensitive Function Mining Approach Based on Precondition Pattern Analysis

Zhongxu Yin1, *, Yiran Song2, Huiqin Chen3, Yan Cao4

1 State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou, 450001, China.
2 Henan University of Animal Husbandry & Economy, Zhengzhou, 450046, China.
3 University of Michigan Transportation Research Institute, Michigan, 48109-2150, USA.
4 Zhengzhou University, Zhengzhou, 450001, China.

* Corresponding Author: Zhongxu Yin. Email: .

Computers, Materials & Continua 2020, 63(2), 1013-1029.


Security-sensitive functions are the basis for building a taint-style vulnerability model. Current approaches for extracting security-sensitive functions either don’t analyze data flow accurately, or not conducting pattern analyzing of conditions, resulting in higher false positive rate or false negative rate, which increased manual confirmation workload. In this paper, we propose a security sensitive function mining approach based on preconditon pattern analyzing. Firstly, we propose an enhanced system dependency graph analysis algorithm for precisely extracting the conditional statements which check the function parameters and conducting statistical analysis of the conditional statements for selecting candidate security sensitive functions of the target program. Then we adopt a precondition pattern mining method based on conditional statements nomalizing and clustering. Functions with fixed precondition patterns are regarded as security-sensitive functions. The experimental results on four popular open source codebases of different scales show that the approach proposed is effective in reducing the false positive rate and false negative rate for detecting security sensitive functions.


Cite This Article

Z. Yin, Y. Song, H. Chen and Y. Cao, "A security sensitive function mining approach based on precondition pattern analysis," Computers, Materials & Continua, vol. 63, no.2, pp. 1013–1029, 2020.

This work is licensed under a Creative Commons Attribution 4.0 International License , which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
  • 1311


  • 986


  • 0


Share Link

WeChat scan