
Research And Implementation Of Pre-Marking Vulnerability Identification And Analysis Technology Based On Homology Detection

Posted on: 2020-10-23 | Degree: Master | Type: Thesis
Country: China | Candidate: X Y Song | Full Text: PDF
GTID: 2428330575957046 | Subject: Computer technology
Abstract/Summary:
Open source software is software whose source code is made available and which can be used free of charge. Typically, such software allows other developers to modify it and then redistribute the modified version. Because of these characteristics, more and more companies and developers have joined the open source community, and the open source ecosystem has grown enormous. However, because the development skill and security awareness of open source contributors are uneven, a great deal of unaudited code that may carry security risks has begun to flow into the open source community. The Internet gives users access to a large amount of open source software, which lowers the threshold of software development and has greatly promoted the prosperity of the software industry. But reusing open source software through code cloning carries risks. On the one hand, code cloning easily leads to intellectual property disputes; on the other hand, if the open source software itself contains security vulnerabilities, code cloning may spread those vulnerabilities into new software. Researchers have tried for years to find vulnerabilities by detecting code clones, but because of the rapid growth in the size and number of open source projects, most studies cannot provide a highly scalable detection tool that copes with this situation. In addition, most existing clone detection techniques focus on plagiarism detection; they can neither accurately find vulnerabilities introduced by code cloning nor find vulnerabilities introduced by calling third-party open source libraries.

To solve the above problems, under a commission from the National Internet Emergency Center (CNCERT), this paper proposes a detection scheme with good scalability: a technology for pre-marking vulnerability identification and analysis based on homology. This technology can quickly and effectively detect security vulnerabilities in large software programs. Through multi-level abstraction of the software under test and the combined use of several homology detection techniques, it narrows the detection range step by step while improving detection accuracy. A balance between detection speed and accuracy is thus achieved, along with good scalability. Compared with other vulnerability detection methods, this technology also has the following advantages. First, it can detect vulnerabilities across multiple languages and vulnerability types. Second, it uses real vulnerabilities from vulnerability databases such as NVD as samples, which gives higher accuracy. Finally, it not only performs well on small sample sets but also performs well when the amount of data is very large. The author has applied for a patent for the technology proposed in this paper and has implemented a vulnerability identification and analysis system. In testing, the system scanned 130GB of open source software from GitHub (about 5600 repositories). A total of 387 repositories were found to be infected with different types of vulnerabilities, with a total of 2289 hits. The system has now been delivered to CNCERT.
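The abstract describes narrowing the detection range step by step through multi-level abstraction and several homology (code-clone) checks, but does not give the mechanism. The following is an added illustration written for this page, not code from the thesis or the delivered system: a small three-stage screen in which a normalized-function hash catches exact clones cheaply, k-gram containment catches partial clones, and a comparison against the sample's fixed form rejects code that already carries the patch. The sample library, the scanned functions, the token normalization rules, the value k = 4 and the 0.5 threshold are all constructed assumptions; the thesis draws its samples from NVD-referenced vulnerabilities, which are not reproduced here.

```python
import hashlib
import re
from typing import Dict, List, Set, Tuple

# Constructed sample library (assumption: one entry per known vulnerability,
# holding the vulnerable function and its fixed form). Both snippets are
# made up for this example; they are not taken from NVD or the thesis.
SAMPLES: Dict[str, Dict[str, str]] = {
    "SAMPLE-0001": {
        "vulnerable": """
int copy_name(char *in) {
    char buf[64];
    strcpy(buf, in);   /* no length check */
    return process(buf);
}
""",
        "fixed": """
int copy_name(char *in) {
    char buf[64];
    if (strlen(in) >= sizeof buf) return -1;
    strncpy(buf, in, sizeof buf - 1);
    buf[63] = 0;
    return process(buf);
}
""",
    }
}

# Constructed "project under test": a renamed clone, a clone with an extra
# statement, a function that already carries the fix, and unrelated code.
PROJECT: Dict[str, str] = {
    "renamed_clone": """
int read_title(char *src) {
    char title[128];
    strcpy(title, src);
    return emit(title);
}
""",
    "near_clone": """
int load_user(char *name) {
    char tmp[64];
    audit_log(name);
    strcpy(tmp, name);
    return handle(tmp);
}
""",
    "already_patched": """
int read_title(char *src) {
    char title[128];
    if (strlen(src) >= sizeof title) return -1;
    strncpy(title, src, sizeof title - 1);
    title[127] = 0;
    return emit(title);
}
""",
    "unrelated": """
int add(int a, int b) {
    return a + b;
}
""",
}

C_KEYWORDS = {"int", "char", "void", "return", "if", "else", "for", "while", "sizeof"}
KEEP_CALLS = {"strcpy", "strncpy", "strlen", "memcpy", "sprintf", "snprintf"}  # assumed list
TOKEN_RE = re.compile(r"[A-Za-z_]\w*|\d+|\S")


def normalize(src: str) -> List[str]:
    """First abstraction level: drop comments, map identifiers to ID and
    numbers to NUM, keep keywords, punctuation and the library calls of interest."""
    src = re.sub(r"/\*.*?\*/", " ", src, flags=re.S)
    src = re.sub(r"//[^\n]*", " ", src)
    out: List[str] = []
    for tok in TOKEN_RE.findall(src):
        if tok in C_KEYWORDS or tok in KEEP_CALLS:
            out.append(tok)
        elif tok[0].isdigit():
            out.append("NUM")
        elif tok[0].isalpha() or tok[0] == "_":
            out.append("ID")
        else:
            out.append(tok)
    return out


def function_hash(tokens: List[str]) -> str:
    """Stage 1 key: one hash per normalized function, cheap to index at scale."""
    return hashlib.sha256(" ".join(tokens).encode()).hexdigest()


def kgrams(tokens: List[str], k: int = 4) -> Set[Tuple[str, ...]]:
    """Second abstraction level: the set of k-token windows (a real system
    would winnow this set to shrink the index; omitted here for clarity)."""
    return {tuple(tokens[i:i + k]) for i in range(len(tokens) - k + 1)}


def containment(sample: Set[Tuple[str, ...]], candidate: Set[Tuple[str, ...]]) -> float:
    """Fraction of the sample's k-grams that survive inside the candidate."""
    return len(sample & candidate) / len(sample) if sample else 0.0


def screen(project: Dict[str, str], samples: Dict[str, Dict[str, str]],
           k: int = 4, threshold: float = 0.5) -> Dict[str, Tuple[str, str, float]]:
    """Three-stage narrowing. Returns {function: (verdict, sample_id, containment)}
    with verdict in {"exact", "near", "fixed", "clean"}."""
    index = {}
    for sid, forms in samples.items():
        vt, ft = normalize(forms["vulnerable"]), normalize(forms["fixed"])
        index[sid] = (function_hash(vt), kgrams(vt, k), kgrams(ft, k))
    verdicts = {}
    for fname, src in project.items():
        toks = normalize(src)
        h, cand = function_hash(toks), kgrams(toks, k)
        verdict, best = None, 0.0
        for sid, (vhash, vgrams, fgrams) in index.items():
            if h == vhash:                       # stage 1: exact normalized clone
                verdict = ("exact", sid, 1.0)
                break
            c_vuln = containment(vgrams, cand)   # stage 2: partial clone?
            best = max(best, c_vuln)
            if c_vuln < threshold:
                continue
            c_fixed = containment(fgrams, cand)  # stage 3: closer to the fix than the bug?
            verdict = ("fixed" if c_fixed >= c_vuln else "near", sid, round(c_vuln, 2))
            break
        verdicts[fname] = verdict or ("clean", "", round(best, 2))
    return verdicts


if __name__ == "__main__":
    for name, (verdict, sid, score) in screen(PROJECT, SAMPLES).items():
        print(f"{name:16} {verdict:6} {sid:12} containment={score}")
```

Only "exact" and "near" verdicts would be reported as hits; "fixed" shows why the third stage matters, since a patched function still shares most of its prologue and epilogue with the vulnerable sample and would otherwise be a false positive. Stage 3 here compares containment against the sample's fixed form; an equivalent check in a real system would be to require that the tokens of the vulnerable-to-fixed diff are present.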
Keywords/Search Tags: open source software, homology detection technology, software vulnerability, code defects