
Study On Key Technology For Automatic Vulnerability Detection Of Source Code Software

Posted on: 2019-04-18
Degree: Doctor
Type: Dissertation
Country: China
Candidate: Q K Meng
GTID: 1368330623450423
Subject: Information and Communication Engineering

Abstract/Summary:
With the development of information technology, software has become an important element of the world economy, culture, science and technology, education and military development. As one of the core infrastructures of information systems, software is widely used in communication, finance, medicine and other fields. Whether in commercial software or in small programs written by individual programmers, the reuse of source code and components has become increasingly common, and open source has become a trend. Vulnerabilities in source-code software are increasing, and the number of network attacks based on open source software vulnerabilities grows year by year. Vulnerability mining technology for source-code software can be targeted at open source software, and mastering vulnerability mining technology for open source software is of great strategic significance for China and our army.

This dissertation focuses on the key technologies of source-code software vulnerability mining. Existing source-code vulnerability mining methods are found to be imperfect. In static analysis, existing methods support few vulnerability types and have low mining accuracy. In dynamic testing, symbolic execution and fuzz testing can discover vulnerabilities, but symbolic execution suffers from path explosion, and fuzz testing suffers from low coverage and a lack of guidance. Based on direct or indirect information from the source code and on formal methods, this dissertation studies static analysis, symbolic execution and fuzz testing. The main work and innovations are as follows:

To statically mine multiple kinds of source-code software vulnerabilities, a vulnerability mining method based on the code property graph is proposed. First, the source code is parsed by a grammar parser to generate, in turn, the parse tree, abstract syntax tree, control flow graph and data flow graph. Then the abstract syntax tree, control flow graph and data flow graph are combined into the code property graph, and the basic traversal operations on the code property graph are defined. Finally, based on descriptions of multiple kinds of source-code vulnerabilities, vulnerabilities are mined by combining these traversal operations. Experimental results show that this method can effectively detect all kinds of source-code vulnerabilities.

To improve the precision of buffer overflow vulnerability mining, a buffer overflow vulnerability mining method based on machine learning is proposed. The method first summarizes 7 kinds of static attributes of buffer overflow vulnerabilities: sink type, containers, index/address/length, complexity, sanitization, loop/conditions/call depth, and input control. Then these static attributes are extracted from an extended code property graph and converted into numeric vectors. Next, supervised machine learning algorithms are used to train classifiers on a labeled training data set. Finally, the classifier is used to mine buffer overflow vulnerabilities in new source code programs. Experimental results show that, compared with other static analysis tools, this method mines buffer overflow vulnerabilities with low false positives.

To address the path explosion caused by symbolic execution of programs containing loops, an efficient symbolic execution technique combined with static program analysis is proposed. First, static program analysis is used to compute loop invariants from the program's control flow graph. Then the program is instrumented with the loop invariants to generate a new control flow graph. Finally, symbolic execution is performed on the new control flow graph to detect vulnerabilities. Comparative experiments show that this method finds more vulnerabilities, in less time, than ordinary symbolic execution and than symbolic execution that unrolls loops a fixed number of times.

To address the problems of directed fuzzing, a directed fuzzing method with fine-grained mutation is proposed. First, directed fuzzing is used to collect test cases. Then a Long Short-Term Memory (LSTM) model is trained to determine which fields play a key role in reaching the target area, and the weight of each field is collected at the same time. Finally, the key fields of the current test case are determined dynamically by the trained model, and the key field weights are used to generate test cases with fine-grained mutation. Experimental results show that this method guides execution to the target area and detects vulnerabilities more effectively than directed fuzzing and ordinary fuzzing.
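The code property graph approach described in the abstract combines an abstract syntax tree, a control flow graph and a data flow graph and then answers vulnerability queries by traversing all three layers together. The following is an added illustration of that idea, not code from the dissertation: it uses Python's standard `ast` module on Python source (the dissertation targets C/C++ with a full parser), builds a statement-level CFG and def-use DFG for each function, and runs a source-to-sink query that reports sink calls reached by unsanitised external input. The names `request`, `escape` and `render`, and the sample function, are constructed for the example and stand in for an input source, a sanitiser and a sensitive sink respectively.

```python
"""Toy code property graph (CPG) over Python source with a taint-style query.
Added example: AST layer = node types, CFG layer = statement order,
DFG layer = each variable read mapped back to its reaching assignment."""
import ast
from collections import defaultdict

# Constructed sample program. "request" stands for externally controlled
# input, escape() for a sanitiser and render() for a sensitive sink; these
# names are assumptions for the example, not a real framework's API.
SAMPLE = """
def handler(request):
    name = request.args['name']
    safe = escape(name)
    render(safe)
    render(name)
"""

SOURCES = {"request"}
SANITIZERS = {"escape"}
SINKS = {"render"}


class CodePropertyGraph:
    """Statement-level CPG for every function in a parsed module."""

    def __init__(self, tree):
        self.entries = []             # first statement of each function (CFG roots)
        self.cfg = defaultdict(list)  # stmt -> successor statements
        self.dfg = {}                 # stmt -> {variable: statement that last assigned it}
        for func in ast.walk(tree):
            if isinstance(func, ast.FunctionDef) and func.body:
                self._add_function(func)

    def _add_function(self, func):
        stmts = func.body
        self.entries.append(stmts[0])
        # Control flow: straight-line order is enough for this flat example;
        # branches and loops would add extra successor edges here.
        for cur, nxt in zip(stmts, stmts[1:]):
            self.cfg[cur].append(nxt)
        # Data flow: record which assignment reaches each statement.
        defs = {}
        for stmt in stmts:
            self.dfg[stmt] = dict(defs)
            if isinstance(stmt, ast.Assign):
                for target in stmt.targets:
                    if isinstance(target, ast.Name):
                        defs[target.id] = stmt

    @staticmethod
    def _is_call_to(expr, names):
        """AST predicate: is `expr` a direct call to one of `names`?"""
        return (isinstance(expr, ast.Call)
                and isinstance(expr.func, ast.Name)
                and expr.func.id in names)

    def _tainted(self, expr, stmt, seen):
        """Walk an expression and its reaching definitions (DFG edges)
        backwards: a sanitiser call stops the walk, a source proves taint."""
        if self._is_call_to(expr, SANITIZERS):
            return False
        if isinstance(expr, ast.Name):
            if expr.id in SOURCES:
                return True
            definition = self.dfg[stmt].get(expr.id)
            if definition is None or definition in seen:
                return False
            seen.add(definition)
            return self._tainted(definition.value, definition, seen)
        return any(self._tainted(child, stmt, seen)
                   for child in ast.iter_child_nodes(expr))

    def unsanitized_sinks(self):
        """Follow the CFG from each entry; report sink calls whose arguments
        are reached by unsanitised input. Returns sorted source line numbers."""
        findings = []
        for entry in self.entries:
            worklist, visited = [entry], set()
            while worklist:
                stmt = worklist.pop()
                if stmt in visited:
                    continue
                visited.add(stmt)
                call = getattr(stmt, "value", None)
                if self._is_call_to(call, SINKS) and any(
                        self._tainted(arg, stmt, set()) for arg in call.args):
                    findings.append(stmt.lineno)
                worklist.extend(self.cfg[stmt])
        return sorted(findings)


def find_unsanitized_flows(source):
    """Parse `source` and return line numbers of sink calls fed by raw input."""
    return CodePropertyGraph(ast.parse(source)).unsanitized_sinks()


if __name__ == "__main__":
    print(find_unsanitized_flows(SAMPLE))  # [6]
```

Running the block on `SAMPLE` reports only line 6 (`render(name)`): the call on line 5 is reached through `escape()`, so the backward DFG walk stops at the sanitiser. The separation into an AST predicate (`_is_call_to`), a CFG walk (`unsanitized_sinks`) and a DFG walk (`_tainted`) is the point of the example; a real CPG engine adds branch and loop edges to the CFG, handles assignments through attributes and containers, and expresses such queries in a graph query language rather than hand-written Python.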
Keywords/Search Tags: Vulnerability Detection, Software Security, Symbolic Execution, Guided Fuzzing, Testcase Generation