TY - JOUR
A2 - Islam, Nazrul
AU - Meng, Qingkun
AU - Feng, Zhao
AU - Zhang, Bin
AU - Tang, Chaojing
PY - 2017
DA - 2017/12/21
TI - Assisting in Auditing of Buffer Overflow Vulnerabilities via Machine Learning
SP - 5452396
VL - 2017
AB - Buffer overflow vulnerability is a kind of consequence in which programmers’ intentions are not implemented correctly. In this paper, a static analysis method based on machine learning is proposed to assist in auditing buffer overflow vulnerabilities. First, an extended code property graph is constructed from the source code to extract seven kinds of static attributes, which are used to describe buffer properties. After embedding these attributes into a vector space, five frequently used machine learning algorithms are employed to classify the functions into suspicious vulnerable functions and secure ones. The five classifiers reached an average recall of 83.5%, average true negative rate of 85.9%, a best recall of 96.6%, and a best true negative rate of 91.4%. Due to the imbalance of the training samples, the average precision of the classifiers is 68.9% and the average F1 score is 75.2%. When the classifiers are applied to a new program, our method can reduce false positives to 1/12 compared with Flawfinder.
SN - 1024-123X
UR - https://doi.org/10.1155/2017/5452396
DO - 10.1155/2017/5452396
JF - Mathematical Problems in Engineering
PB - Hindawi Publishing
KW -
ER -