2019 IEEE/ACM 41st International Conference on Software Engineering (ICSE) 2019
DOI: 10.1109/icse.2019.00024
|View full text |Cite
|
Sign up to set email alerts
|

LEOPARD: Identifying Vulnerable Code for Vulnerability Assessment Through Program Metrics

Abstract: Identifying potentially vulnerable locations in a code base is critical as a pre-step for effective vulnerability assessment; i.e., it can greatly help security experts put their time and effort to where it is needed most. Metric-based and pattern-based methods have been presented for identifying vulnerable code. The former relies on machine learning and cannot work well due to the severe imbalance between non-vulnerable and vulnerable code or lack of features to characterize vulnerabilities. The latter needs … Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
1
1
1
1

Citation Types

0
44
0

Year Published

2020
2020
2023
2023

Publication Types

Select...
3
2
1

Relationship

0
6

Authors

Journals

citations
Cited by 80 publications
(44 citation statements)
references
References 63 publications
0
44
0
Order By: Relevance
“…LEOPARD [15] keeps queue culling yet add an additional step, prioritizing the selected inputs from queue culling by a function-level coverage metrics, rather than choosing randomly in AFL. The approach is able to cover all visited edge in each fuzzing loop, but it requires to preprocess the targeting programs for function complexity analysis and thus brings performance overhead.…”
Section: ) Advanced Input Prioritization Approachesmentioning
confidence: 99%
See 4 more Smart Citations
“…LEOPARD [15] keeps queue culling yet add an additional step, prioritizing the selected inputs from queue culling by a function-level coverage metrics, rather than choosing randomly in AFL. The approach is able to cover all visited edge in each fuzzing loop, but it requires to preprocess the targeting programs for function complexity analysis and thus brings performance overhead.…”
Section: ) Advanced Input Prioritization Approachesmentioning
confidence: 99%
“…Current anti-fuzzing techniques make coverage-guided fuzzers much less effective in vulnerability discovery, causing 85%+ performance decrease in exploring paths. Unfortunately, many of the presented edge-coverage-based fuzzers [12,15,43,53,60] suffer from the current anti-fuzzing techniques. VUzzer is affected due to the use of concolic execution.…”
Section: Anti-fuzzing Techniquesmentioning
confidence: 99%
See 3 more Smart Citations