ProExtor: Mining API Protocols for Program Vulnerability Detection

Proceedings of the 3rd International Conference on Advanced Information Science and System Pub Date : 2021-11-26 DOI:10.1145/3503047.3503100

Huijia Ye, Juwei Rao, Yang Shi, Zhihua Li

{"title":"ProExtor: Mining API Protocols for Program Vulnerability Detection","authors":"Huijia Ye, Juwei Rao, Yang Shi, Zhihua Li","doi":"10.1145/3503047.3503100","DOIUrl":null,"url":null,"abstract":"API protocols play an important role in program verification, testing, evolution and other phases of the software development process. Many approaches have been proposed to mine API protocols automatically from programs. However, few tools are available, especially dynamical API protocol mining tools. In this paper, we present a dynamical API protocol mining tool for Java programs: ProExtor. Our tool mines API protocols in an online mode based on the instrumentation technique of Java agent. For each class, it produces two models: a probabilistic model and a deterministic model. The probabilistic model will be evolved persistently when more application programs are fed for mining. The deterministic model is transformed from the latest probabilistic model, which can be used for program verification, testing, evolution, etc. Both models can be visualized with the software Graphviz. We elaborate design and implementation details of our tool and an application to a real-world program. We believe our work is a good reference for the development of similar tools.","PeriodicalId":190604,"journal":{"name":"Proceedings of the 3rd International Conference on Advanced Information Science and System","volume":"26 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-11-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 3rd International Conference on Advanced Information Science and System","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3503047.3503100","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

API protocols play an important role in program verification, testing, evolution and other phases of the software development process. Many approaches have been proposed to mine API protocols automatically from programs. However, few tools are available, especially dynamical API protocol mining tools. In this paper, we present a dynamical API protocol mining tool for Java programs: ProExtor. Our tool mines API protocols in an online mode based on the instrumentation technique of Java agent. For each class, it produces two models: a probabilistic model and a deterministic model. The probabilistic model will be evolved persistently when more application programs are fed for mining. The deterministic model is transformed from the latest probabilistic model, which can be used for program verification, testing, evolution, etc. Both models can be visualized with the software Graphviz. We elaborate design and implementation details of our tool and an application to a real-world program. We believe our work is a good reference for the development of similar tools.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

ProExtor:为程序漏洞检测挖掘API协议

API协议在软件开发过程的程序验证、测试、演进等阶段起着重要的作用。已经提出了许多从程序中自动挖掘API协议的方法。然而，可用的工具很少，特别是动态API协议挖掘工具。本文提出了一种用于Java程序的动态API协议挖掘工具:ProExtor。该工具基于Java代理的检测技术，采用在线模式对API协议进行挖掘。对于每个类，它产生两个模型:概率模型和确定性模型。当更多的应用程序被投入到挖掘中时，该概率模型将持续进化。确定性模型是由最新的概率模型转化而来的，可用于程序验证、测试、演化等。这两个模型都可以用Graphviz软件可视化。我们将我们的工具和应用程序的设计和实现细节详细描述为现实世界的程序。我们相信我们的工作可以为类似工具的开发提供很好的参考。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

Proceedings of the 3rd International Conference on Advanced Information Science and System

自引率

0.00%

发文量