Decision Tree Algorithm-based API Misuse Detection

LI Kang-le, REN Zhi-lei, ZHOU Zhi-de, JIANG He
DOI: https://doi.org/10.11896/jsjkx.211100177
2022-01-01
Abstract: Application programming interfaces (APIs) effectively improve software development efficiency by enabling the reuse of existing software frameworks or libraries. However, many constraints must be satisfied to use APIs correctly, such as call order and exception handling. Violating these constraints causes API misuse, which may result in software crashes, errors, or vulnerabilities. Although many API misuse detection techniques have been proposed, they still face two challenges: 1) API usage specifications are difficult to acquire, and 2) it is difficult to detect many different types of API misuse at the same time. To address these challenges, a decision tree algorithm-based API misuse detection method is proposed. First, the API usage source code is converted into an API usage graph, and the API usage specification is mined from the graph, which effectively solves the first challenge. Second, an API usage decision tree is constructed from the obtained API specification information, and its generalization ability is improved by incorporating pruning strategies. Finally, a combination of coarse-grained and fine-grained detection is proposed in the detection phase to improve the detection capability of the API usage decision tree, which effectively solves the second challenge. Experimental results show that the proposed approach can realize detection of API misuse defects to a certain extent.