Drake: Signature-Guided Detection of Bugs and Vulnerabilities

Abstract

Existing static analysis approaches and tools have limited accuracy in finding bugs and vulnerabilities in large, complex programs. The DRAKE project develops a machine-learning-based methodology to help developers interactively craft custom static checkers. The user is not expected to know the internals of program analysis; at the same time, DRAKE is extensible by program analysis experts to target new classes of bugs and vulnerabilities. We demonstrate the effectiveness of DRAKE at finding hundreds of new Application Programming Interface (API) misuse bugs in widely used C++ programs such as the Linux kernel and the OpenSSL cryptographic library, with few rounds of user interaction and high accuracy.

Document Details

Document Type
Technical Report
Publication Date
Nov 01, 2021
Accession Number
AD1152172

Entities

People

  • Mayur Naik

Organizations

  • University of Pennsylvania

Tags

Communities of Interest

  • Autonomy
  • C4I

DTIC Thesaurus Topics

  • Air Force
  • Air Force Research Laboratories
  • Anomaly Detection
  • Artificial Intelligence
  • Change Detection
  • Computer Programming
  • Computer Programs
  • Computers
  • Data Mining
  • Detection
  • Detectors
  • Engineering
  • Information Science
  • Language
  • Machine Learning
  • Operating Systems
  • Programming Languages
  • Software Development
  • Supervised Machine Learning

Fields of Study

  • Computer science
  • Engineering

Readers

  • Cybersecurity
  • Database Systems and Applications
  • Underwater engineering and Marine Technology

Technology Areas

  • AI & ML