Abstract
Improving software assurance is of paramount importance given the impact of software on our lives. Static and dynamic approaches have been proposed over the years to detect security vulnerabilities. These approaches assume that the signature of a defect, for instance the use of a vulnerable library function, is known apriori. A greater challenge is detecting defects with signatures that are not known apriori -- unknown software defects. In this paper, we propose a general approach for detection of unknown defects. Software defects are discovered by applying data-mining techniques to pinpoint deviations from common program behavior in the source code and using statistical techniques to assign significance to each such deviation. We discuss the implementation of our tool, FaultMiner, and illustrate the power of the approach by inferring two types of security properties on four widely-used programs. We found two new potential vulnerabilities, four previously known bugs, and several other violations. This suggests that FaultMining is a useful and promising approach to finding unknown software defects.