JMD [Java Malware Detector]: A Hybrid Approach for Detecting Java Malware
2015. Adrian Herrera, Ben Cheney (@cheneyben). See PDF online, tweet.
This paper is about malware detection, not about defect detection.
1 JMD uses combination of (1) symbolic execution, (2) instrumentation and (3) dynamic analysis. They use and . Number of vulnerabilities increases from 2001 to 2013. The most common delivery for exploits is a Java applet (read about!). Application is executed under sandbox. There is a problem: malware can evade detection by remaining dormant until trigger is met, solution: alternative paths exploration (using SE). 2 Tool works with Java bytecode. There is no native code deterctors. (see later).
Sergey Vartanov, 2007–2020