| Software security has always been a key topic all over the world.In the development of open source software,in order to reduce research and development costs,it is necessary to use a large amount of open source code.Due to the differences in the abilities of software developers and the lack of supervision in the open source communities,it is inevitable to use open source code with known or unknown defects.As the result it is must to detect and fix software defects in various processes of software development.The cloning code obfuscation technique reduces the readability of the source code,which brings great challenges to the source code-based software vulnerability detection technology.The binary software analysis technology tracks the execution path flow information on the binary code,to detect the vulnerability of the open source software.has great significance.This paper considers the need for open source software security detection and researches binary software analysis techniques in two different application scenarios.For a large number of open source software,an open source software vulnerability detection method based on convolution neural network(CNN)is proposed to detect fast and accurately.For open source software with complex structure,an open source based on mixed key instruction sequences matching(MKIS)is proposed.MKIS is suitable for accurate detection of known software vulnerability.The main work is as follows:(1)Combined with the requirements of open source software vulnerability detection,based on the research situation of binary software vulnerability detection,and the syntax and semantics of binary open source software code,the binary program analysis technology and related frames are studied and analyzed.(2)Aiming at the defect detection problem of large-scale detection,a Path-Based Convolution Neural Network(PB-CNN)is proposed.The control flow graph is traversed to extract the software path features,then the deep features are extracted by combining the multi-channel CNN and the PB-CNN neuron parameters are trained.Finally,the software defects are detected by the trained PB-CNN.(3)Based on the binary software similarity comparison method a binary open source software defect detection method based on Mixed Key Instruction Sequence(MKIS)is proposed.MKIS builds a novel function execution sequence that performs subsequence matching through the longest common subsequence algorithm.An equivalent key value matching algorithm is proposed to optimize the longest common subsequence to determine the location of each key value.Finally,Match risk items from the risk library based on similarities between open source software. |
PDF Full Text Request