Study of an Approach Based on the Analysis of Computer Program Execution Traces for the Detection of Vulnerabilities

  • Conference paper
Innovations and Interdisciplinary Solutions for Underserved Areas (InterSol 2022)

Abstract

Malicious attacks exploit software vulnerabilities to violate key security features in computer systems. In this paper, we review the related works of studies that propose mechanisms for detecting software vulnerabilities or ways to protect application data. The aim is to analyse how these mechanisms are exploited to detect software vulnerabilities and secure data via applications. Then, we present tracing techniques to understand the behaviour of applications. Finally, we present an approach based on the analysis of program execution traces that allows the detection of vulnerabilities.


Corresponding author

Correspondence to Gouayon Koala.

Copyright information

© 2022 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

Cite this paper

Koala, G., Bassolé, D., Tiendrébéogo, T., Sié, O. (2022). Study of an Approach Based on the Analysis of Computer Program Execution Traces for the Detection of Vulnerabilities. In: Mambo, A.D., Gueye, A., Bassioni, G. (eds) Innovations and Interdisciplinary Solutions for Underserved Areas. InterSol 2022. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 449. Springer, Cham. https://doi.org/10.1007/978-3-031-23116-2_8

  • DOI: https://doi.org/10.1007/978-3-031-23116-2_8

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-23115-5

  • Online ISBN: 978-3-031-23116-2

  • eBook Packages: Computer Science, Computer Science (R0)
