As software security problems become more severe, detection methods of software vulnerabilities have been making huge strides during the past decades. Because of high ration on mistaking of static detection and missing of dynamic detection, a multitude of experts state a kind of combination methods of vulnerability detection named hybrid detection, with using comprehensive ability of static detection and accuracy of dynamic detection to get the goal of precision. The method is merged strategy that optimize efficiency of detection without change the original detection methods of static and dynamic part.Path-oriented Merged Strategy, based on the path which is the key to hybrid detection, is composed of path analysis, path control and path recommendation. Path analysis get completed path of vulnerability by the analysis for critical path of bugs and function call. Path control shield bug-irrelevant paths via Program instrumentation, through which can get the goal of saving space of the test. Path recommendation offer the best path reference by judging the ratio of function importance in completed path and path length. Additionally, the path analysis is offer data to path control and path recommendation and the two latter methods is offer guideline to dynamic detection.According to the experiment result, the merged strategy can fully analyze the static detection data, and reduce the test space and guide test case generation, which provided efficient guidance for dynamic detection. The efficiency of hybrid detection is enhanced. |