Fast Bug Detection Algorithm for Identifying Potential Vulnerabilities in Juliet Test Cases
Richard Amankwah, Jinfu Chen, Alfred Adutwum Amponsah, P. Kudjo, Vivienne Ocran, Comfort Ofoley Anang
Published in: 2020 IEEE 8th International Conference on Smart City and Informatization (iSCI), 2020-12-01
DOI: 10.1109/iSCI50694.2020.00021 (https://doi.org/10.1109/iSCI50694.2020.00021)
Citations: 2
Abstract
Automated static analysis tools (ASATs) are one of the most widely used and effective ways of detecting bugs in Java code. ASATs help to improve the security of software by detecting potential violations without executing the application. We have explored the existing automated static analysis techniques' detection capabilities and noticed that they are deficient in terms of processing time and generation of false warnings. Thus, the study proposed a Fast Bug Detection Algorithm (FBDA) to address the aforementioned deficiencies. Furthermore, we compared our results based on the FBDA to the existing automated static analysis tools. The main idea is to reduce the size of the code area to be investigated without compromising on quality and improve the processing time. Additionally, we tested the effectiveness of our framework using a designated subset of the Juliet Test Suite and the results show that our approach achieved a performance gain of 66% and can detect bug patterns more successfully than existing static analysis tools. Our experimental analysis further shows that the percentage of false positives obtained by our framework is 18.5%, which is much less than the percentage of false positives reported by ASATs.