Mining Defects of Result-Sensitive Function Based on Information Entropy

2020 
Result-sensitive functions are a typical type of security-sensitive function. Misuse of result-sensitive functions often leads to many kinds of software defects. Existing defect detection methods based on code mining for result-sensitive functions usually require a given security rule or an inferred security rule as input. Based on the principle of consistency, we propose a defect detection method based on information entropy. First, a feature vector describing the usage of the function is extracted from every function instance. Then, information entropy is introduced to measure the degree of abnormality of the feature vector. Function instances with a high degree of abnormality are regarded as dangerous instances. Experiments show that the proposed method can effectively detect dangerous instances of security defects without a given security rule.
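The idea in the abstract can be illustrated with a small added example; it is not the paper's algorithm, since the abstract does not give the feature set or the scoring formula. It assumes three hypothetical usage features per call site and scores each instance by the summed self-information of its feature values, so usage that deviates from the consistent majority ranks highest; the call sites are constructed sample data.

```python
import math
from collections import Counter

# Constructed sample: one feature vector per call site of a hypothetical
# result-sensitive allocator whose NULL return must be checked before use.
# Assumed features: (is the result checked, comparison used, error-path action)
INSTANCES = {
    "net.c:120": ("checked", "== NULL", "return"),
    "net.c:310": ("checked", "== NULL", "return"),
    "io.c:45": ("checked", "== NULL", "return"),
    "io.c:97": ("checked", "== NULL", "return"),
    "cfg.c:12": ("checked", "== NULL", "return"),
    "cfg.c:230": ("checked", "== NULL", "return"),
    "log.c:61": ("checked", "== NULL", "goto"),
    "fs.c:88": ("unchecked", "none", "none"),
}

def value_probabilities(instances):
    """For each feature position, the empirical probability of each value."""
    n = len(instances)
    columns = zip(*instances.values())
    return [{v: c / n for v, c in Counter(col).items()} for col in columns]

def feature_entropy(probs):
    """Shannon entropy (bits) of one feature; low means usage is consistent."""
    return -sum(p * math.log2(p) for p in probs.values())

def abnormality(vector, probs):
    """Assumed score: summed self-information -log2 p(value) over features."""
    return sum(-math.log2(probs[i][v]) for i, v in enumerate(vector))

def rank_instances(instances):
    """Call sites ordered from most to least abnormal as (score, site)."""
    probs = value_probabilities(instances)
    scored = [(abnormality(vec, probs), site) for site, vec in instances.items()]
    return sorted(scored, reverse=True)

if __name__ == "__main__":
    for score, site in rank_instances(INSTANCES):
        print(f"{score:5.2f}  {site}  {INSTANCES[site]}")
```

No rule such as "the result must be compared with NULL" is supplied; the unchecked call site surfaces only because it disagrees with how the other instances use the function.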