| With the development of information technology, software is now used in all walks of life, and software systems have grown more complex. During software development, a problem in any link may introduce a software defect, which others can attack, causing serious losses. For this reason, research on software security has been carried out successively in defect definition, defect classification, defect detection and related fields. However, as functional requirements become more complex and software becomes more intelligent, some software defect detection technologies can no longer detect defects effectively, so continuous improvement of software defect detection technology is a key research direction in information security. Software defect analysis and detection are mainly divided into source code and binary defect analysis and detection. Static analysis techniques, such as symbolic execution, model checking and constraint analysis, are mainly used for source code. Dynamic analysis techniques, such as fuzz testing and dynamic taint analysis, are used for defect detection in compiled binary programs. At present, most defect detection tools focus only on source code, which is usually not easily available, so detecting defects in binary code is very important. Current research on software defect prediction is biased towards fixed-version projects. However, software evolves through multiple versions during development, and conventional detection methods cannot effectively analyze the relationship between different versions, which results in poor defect detection performance for evolving projects. The research work of this paper is as follows: 1. To address the difficulty of detecting software defects without source code and the high false alarm rate of static analysis, a method for locating buffer overflows in binary files based on dynamic execution analysis is proposed. It consists of four steps: (1) Collect a group of successful and failed executions, and identify the relevant addressing instructions for each memory access. (2) Restore the corresponding memory layout for each memory access based on the addressing instructions. (3) Some recovered memory layouts may represent the same variable, so they are combined into one memory layout. (4) Use the memory layout of the successful executions as a reference to locate the buffer overflow in the failed execution. Experiments verify the effectiveness of the proposed method; compared with existing defect detection tools, the experimental results show that the method in this paper has the lowest false positive rate. 2. Existing techniques for evolving projects pay more attention to how to select metric elements and do not fully consider the characteristics of defects and prediction models. To address this, the paper combines static defect prediction technology with related metric elements and builds a defect prediction model based on ensemble learning, using the change of metric elements between adjacent versions together with code metric elements, so that the classifier pays more attention to misclassified defect modules in each cycle, thereby improving the performance of the model. The differences between different ensemble methods are also compared. Finally, the ensemble model proposed in this paper is compared with other prediction methods for evolving projects, and the experimental results show that the ensemble model has certain advantages in the evaluation indicators. 3. The two defect analysis techniques proposed in this paper are applied to agricultural informatics, targeting the analysis and prediction of agriculture-related software code, and are verified and analyzed through relevant experiments. Based on the above methods, a defect analysis and detection system is designed and implemented, and the feasibility of software defect analysis techniques in agricultural applications is explored, which has good application value in agricultural information security. |
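
The four-step buffer overflow localization described in the abstract, as an added example that is not the paper's implementation: it replays constructed memory-access traces, recovers one layout per addressing instruction, merges overlapping layouts into variables, and uses the successful runs as the reference for the failed run. The `Access` record format, all addresses, and the merge-by-overlap rule are assumptions made for illustration.

```python
from collections import namedtuple

# One traced access: instruction address, base address from the addressing
# instruction, byte offset from that base, access width in bytes (assumed format).
Access = namedtuple("Access", "pc base offset size")

def recover_layouts(traces):
    """Step 2: one [lo, hi) layout per addressing instruction (pc)."""
    layouts = {}
    for a in (a for t in traces for a in t):
        lo, hi = a.base + a.offset, a.base + a.offset + a.size
        plo, phi = layouts.get(a.pc, (lo, hi))
        layouts[a.pc] = (min(plo, lo), max(phi, hi))
    return layouts

def merge_layouts(layouts):
    """Step 3: overlapping layouts are taken to be the same variable."""
    merged = []
    for lo, hi in sorted(layouts.values()):
        if merged and lo < merged[-1][1]:
            merged[-1] = (merged[-1][0], max(merged[-1][1], hi))
        else:
            merged.append((lo, hi))
    return merged

def locate_overflows(good_traces, bad_trace):
    """Step 4: map pc -> (var_lo, var_hi, bytes accessed past var_hi)."""
    reference = merge_layouts(recover_layouts(good_traces))
    findings = {}
    for a in bad_trace:
        end = a.base + a.offset + a.size
        for lo, hi in reference:
            if lo <= a.base < hi and end > hi:  # based in var, ends beyond it
                prev = findings.get(a.pc, (lo, hi, 0))[2]
                findings[a.pc] = (lo, hi, max(prev, end - hi))
    return findings

# Constructed traces (step 1): a 16-byte buffer at 0x1000 next to a 4-byte
# variable at 0x1010; the failing run copies 20 bytes into the buffer.
def copy_loop(n):
    return [Access(0x401000, 0x1000, i, 1) for i in range(n)]

TAIL = [Access(0x401020, 0x1000, 0, 1), Access(0x401030, 0x1010, 0, 4)]
GOOD = [copy_loop(8) + TAIL, copy_loop(16) + TAIL]
BAD = copy_loop(20) + TAIL

if __name__ == "__main__":
    for pc, (lo, hi, over) in locate_overflows(GOOD, BAD).items():
        print(f"pc={pc:#x} overruns [{lo:#x},{hi:#x}) by {over} bytes")
```

The reference layout is only as large as the successful runs exercised: if no passing execution fills the buffer, its recovered extent is too small and legitimate accesses in other runs are reported, so the set of successful executions needs to cover each buffer's full use.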