Abstract

Overflow vulnerabilities are a common and dangerous class of software vulnerability that can lead to information theft, resource control, system collapse and other hazards. However, recent studies on predicting software overflow vulnerabilities have not specifically analyzed the factors and features that lead to each type of overflow vulnerability, and have focused only on binary classification rather than multiclass classification, which is inefficient and time-consuming. Therefore, this paper proposes a multiple-type overflow vulnerability prediction method based on a combination of features and a time series neural network algorithm. First, by analyzing software overflow vulnerability features, a method is proposed to extract the internal vulnerability features of program source code, and an IFS set of internal vulnerability features of software overflow vulnerabilities is constructed. Second, an EFS set of external vulnerability features of software overflow vulnerabilities is extracted using a source code static analysis tool. A software overflow vulnerability feature library is then constructed from the IFS set and the EFS set. Finally, after symbol transformation and vector transformation of the software overflow vulnerability features, a multiple-type overflow vulnerability prediction method is constructed based on a time series bidirectional recurrent neural network. Experiments show that the proposed method achieves higher precision, accuracy, recall rate, and F1 value. Moreover, the method can accurately detect overflow vulnerabilities in actual software vulnerability predictions.
