Research On Prediction Method Of Software Buffer Overflow Vulnerability Based On Software Metrics

In the increasingly serious network security problem,the buffer overflow of software is the most common and serious vulnerability in software vulnerabilities.The buffer overflow vulnerability causes some information stealing,resource control,system crash and so on.Aiming at this research problem,this paper proposes a method based on software metric buffer overflow vulnerability prediction.In this paper,a multi-type buffer overflow vulnerability prediction method based on decision tree algorithm is proposed.In addition,a buffer overflow vulnerability prediction method based on random forest algorithm metric function level is proposed for data imbalance.The main contents are as follows:Firstly,this paper studies different types of software cache overflow vulnerabilities,uses software metrics to statically analyze the source code of software,and analyzes the research methods based on software metrics and machine learning classification algorithms to predict software cache overflow vulnerabilities.The data imbalance feature of the buffer overflow vulnerability is studied.Secondly,according to the source code of the software,the corresponding software metrics are extracted to adopt the mutual information method for feature selection,combined with the calling relationship between functions in the actual running process of the software,and the data extraction method is used in different types of buffer overflow vulnerability data.The data of dynamic data stream based on function level is extracted.Based on this,a decision tree algorithm is proposed to predict the overflow vulnerability of SVL buffer.Thirdly,based on the SVL cache vulnerability prediction method proposed in this paper,there is an imbalance between the data actually extracted in the software.Based on the vulnerability prediction method in the SVL buffer area,the SMOTE based on the genetic algorithm is improved in the data layer.The algorithm oversamples the unbalanced data set and selects the random forest integration algorithm to predict the software cache vulnerability.Finally,the C/C++ dataset and Java dataset are extracted in the real program,and the buffer overflow vulnerability prediction method based on the decision tree algorithm metric function level is tested.The random forest algorithm metric function is used in the Java dataset.Level buffer overflow vulnerability prediction method was experimented.