| As information technology for continuous innovation and development,the continuing popularity of Information networks,information technology has become the most active factors of production.Thus affecting the country's comprehensive strength and international competitiveness of the key factors,Information on the global economic and social development have become the salient features,and gradually to the evolution of a full range of social change. The economic and social development is highly dependent on information-oriented,information security has become too involved in economic and social development in all fields,not only affects the individual rights of citizens, but also relates to national security, economic development, public interest, the major strategic issues.Construction of the entire information system is based on a variety of software and hardware equipment, because of the diversity of functional requirements, making modern software systems become increasingly large and complex, the inevitable emergence of a wide variety of security vulnerabilities. In order to stop this threat, various firewall and antivirus software, using a variety of measures to prevent the invasion and destruction, but there is a computer security problems intensified trend. The underlying reason is that most computer security problems is computer software shortcomings, from the outside to block attackers is always palliative, failed to grasp the core of the problem, so little effect. So, how early to detect loopholes in the software system, the software security field is now an urgent need to solve problems.This dissertation is a Windows platform software security vulnerability of a summary of mining technology innovation and expansion. This paper first introduces the definition of software security vulnerabilities and varieties of causes, summarized and compared the classification of a variety of software vulnerabilities, and to one of the mining of software vulnerabilities have greater significance to help and guide more detailed classification method instructions. Then, the collection and analysis of a wide range of software security vulnerabilities in a typical mining methods, the main detection method is divided into static and dynamic testing methods and three types of hybrid detection methods. Articles for each type of method presented its own advantages and shortcomings, have done a summary and comparison, and lists and descriptions of some applications a wide range of automation and semi-automated detection tools. Next, the traditional method of digging holes is mainly for software code and functionality of local testing, but the overall logic of the software process concerns the problem of low degree, this combination of model checking, finite state automata theory and fuzzy pattern recognition is proposed based on fuzzy metrics mining model for software vulnerabilities. This article first described a theoretical model and using simulation results illustrate the feasibility of this model, effectiveness, as well as vulnerability detection methods compared to traditional software security procedures in the detection of advantages.Finally, the study is summarized and an outlook on future trends. |
PDF Full Text Request