We present a demand-driven approach to memory leak detection algorithm based on flow- and context-sensitive pointer analysis. The detection algorithm firstly assumes the presence of a memory leak at some program point...We present a demand-driven approach to memory leak detection algorithm based on flow- and context-sensitive pointer analysis. The detection algorithm firstly assumes the presence of a memory leak at some program point and then runs a backward analysis to see if this assumption can be disproved. Our algorithm computes the memory abstraction of programs based on points-to graph resulting from flow- and context-sensitive pointer analysis. We have implemented the algorithm in the SUIF2 compiler infrastructure and used the implementation to analyze a set of C benchmark programs. The experimental results show that the approach has better precision with satisfied scalability as expected.展开更多
Heap memory anomalies,such as Use-After-Free(UAF),Double-Free,andMemory Leaks,pose critical security threats including system crashes,data leakage,and remote exploits.Existing methods often fail to handle multiple ano...Heap memory anomalies,such as Use-After-Free(UAF),Double-Free,andMemory Leaks,pose critical security threats including system crashes,data leakage,and remote exploits.Existing methods often fail to handle multiple anomaly types and meet real-time detection demands.To address these challenges,this paper proposes MemHookNet,a real-time multi-class heap anomaly detection framework that combines log hooking with deep learning.Without modifying source code,MemHookNet non-intrusively captures memory operation logs at runtime and transforms them into structured sequences encoding operation types,pointer identifiers,thread context,memory sizes,and temporal intervals.A sliding-window Long Short-Term Memory(LSTM)module efficiently filters out suspicious segments,which are then transformed into pointer access graphs for classification using a GATv2-based model.Experimental results demonstrate that MemHookNet achieves 82.2% accuracy and 81.5% recall with an average inference time of 15 ms,outperforming DeepLog and GLAD-PAW by 11.7% in accuracy and reducing latency by over 80%.展开更多
基金supported by the National Natural Science Foundation of China under Grant Nos. 60725206, 60673118, and 90612009the National High-Tech Research and Development 863 Program of China under Grant No. 2006AA01Z429+2 种基金the National Basic Research 973 Program of China under Grant No. 2005CB321802the Program for New Century Excellent Talents in University under Grant No.NCET-04-0996the Hunan Natural Science Foundation under Grant No. 07JJ1011
文摘We present a demand-driven approach to memory leak detection algorithm based on flow- and context-sensitive pointer analysis. The detection algorithm firstly assumes the presence of a memory leak at some program point and then runs a backward analysis to see if this assumption can be disproved. Our algorithm computes the memory abstraction of programs based on points-to graph resulting from flow- and context-sensitive pointer analysis. We have implemented the algorithm in the SUIF2 compiler infrastructure and used the implementation to analyze a set of C benchmark programs. The experimental results show that the approach has better precision with satisfied scalability as expected.
基金upported by Open Foundation of Key Laboratory of Cyberspace Security,Ministry of Education of China(No.KLCS20240211).
文摘Heap memory anomalies,such as Use-After-Free(UAF),Double-Free,andMemory Leaks,pose critical security threats including system crashes,data leakage,and remote exploits.Existing methods often fail to handle multiple anomaly types and meet real-time detection demands.To address these challenges,this paper proposes MemHookNet,a real-time multi-class heap anomaly detection framework that combines log hooking with deep learning.Without modifying source code,MemHookNet non-intrusively captures memory operation logs at runtime and transforms them into structured sequences encoding operation types,pointer identifiers,thread context,memory sizes,and temporal intervals.A sliding-window Long Short-Term Memory(LSTM)module efficiently filters out suspicious segments,which are then transformed into pointer access graphs for classification using a GATv2-based model.Experimental results demonstrate that MemHookNet achieves 82.2% accuracy and 81.5% recall with an average inference time of 15 ms,outperforming DeepLog and GLAD-PAW by 11.7% in accuracy and reducing latency by over 80%.
