基于软件行为的可信评价研究

doi:10.11896/j.issn.1002-137X.2016.01.045

摘要/Abstract

摘要： 为了准确合理地评价软件可信性,提出了基于软件行为的可信评价模型。首先,在软件行为迹中设置监控点,根据监控点各属性的性质及其在可信评价系统中的作用,将监控点的属性分为控制流和数据流两级。其次,针对控制流级属性,提出基于支持向量机(Support Vector Machine,SVM)的软件行为迹的评价方法；针对数据流级属性,提出基于模糊层次分析法的场景属性评价方法。最后,实验分析表明,基于软件行为的可信评价模型能够准确地评价软件可信性,并且具有较高的效率。

关键词: 软件行为,支持向量机,模糊层次分析法,监控点,软件可信

Abstract: In order to evaluate the trustworthiness of the software accurately and reasonably,a trustworthiness evaluation model based on software behavior was proposed.Firstly,the monitoring points are set up in the software behavior trace.According to the attribute of the monitoring points and the function in the trusted evaluation system,the monitoring points are divided into control flow and data stream.Secondly,for the attribute of control flow,the evaluation me-thod of the software behavior trace based on support vector machine (SVM) is proposed.And for the attribute of data stream,the evaluation method of scene property based on fuzzy AHP is proposed.Finally,the experimental analysis shows that the trustworthiness evaluation model based on software behavior can evaluate the trustworthiness of software accurately and the efficiency.

Key words: Software behavior,Support vector machine,Fuzzy hierarchy analysis,Monitoring points,Software trustworthiness

丁卫涛,徐开勇. 基于软件行为的可信评价研究[J]. 计算机科学, 2016, 43(1): 202-206. https://doi.org/10.11896/j.issn.1002-137X.2016.01.045

DING Wei-tao and XU Kai-yong. Research of Trustworthiness Evaluation Model Based on Software Behavior[J]. Computer Science, 2016, 43(1): 202-206. https://doi.org/10.11896/j.issn.1002-137X.2016.01.045

参考文献

[1] Rotondo S A.Trusted Computing Group[M]∥Encyclopedia of Cryptography and Security.2011:1331-1331
[2] Shen Chang-xiang,Zhang Huan-guo,Wang Huai-min,et al.Research and development of trusted computing [J] Chinese Science:Information Science,2010,40(2):139-166(in Chinese)沈昌祥,张焕国,王怀民,等.可信计算的研究与发展[J].中国科学:信息科学,2010,40(2):139-166
[3] Qu Yan-wen.Software Behavior[M].Beijing:Publishing House of Electronics Industry,2004(in Chinese)屈延文.软件行为学[M].北京:电子工业出版社,2004
[4] Shen Guo-hua,Huang Zhi-qiu,Qian Ju,et al.Research on Software Trustworthiness Evaluation Model and Its Implementation[J].Journal of Frontiers of Computer Science and Technology ,2011,5(6):553-561(in Chinese)沈国华,黄志球,钱巨,等.软件可信评估模型及其工具实现[J].计算机科学与探索,2011,5(6):553-561
[5] Huang Jian-feng.Journal of Computer Research and Development[J].Electronics World,2014(16):374-374(in Chinese) 黄见峰.基于马尔可夫的软件可信评估模型研究[J].电子世界,2014(16):374-374
[6] Sekar R,Bendre M,Dhurjati D,et al.A fast automaton-basedmethod for detecting anomalous program behaviors[C]∥2001 IEEE Symposium on Security and Privacy(S&P 2001).IEEE,2001:144-155
[7] Li Zhen,Tian Jun-feng,Yang Xiao-hui.Dynamic Trustworthiness Evaluation Model of Software Based on Checkpoint’s Classification Attributes[J].Journal of Computer Research and Development,2013,50(11):2397-2405(in Chinese)李珍,田俊峰,杨晓晖.基于检查点分级属性的软件动态可信评测模型[J].计算机研究与发展,2013,50(11):2397-2405
[8] Fu J M,Tao F,Wang D,et al.Software behavior model based on system objects[J].Journal of Software,2011,22(11):2716-2728(in Chinese)傅建明,陶芬,王丹,等.基于对象的软件行为模型[J].软件学报,2011,22(11),2716-2728
[9] Zhang Xue-gong.Introduction To Statistical Learning TheoryAnd Support Vector Machines[J].Acta Automatica Sinica,2000,26(1):32-42(in Chinese)张学工.关于统计学习理论与支持向量机[J].自动化学报,2000,26(1):32-42
[10] Luo Qing-hua,Yan Xiao-zhen,Peng Yu,et al.A dynamic RSSI-based ranging method using pattern matching of slide window[J].Chinese Journal of Scientific Instrument,2015,36(3):499-506(in Chinese)罗清华,焉晓贞,彭宇,等.基于滑动窗口模式匹配的动态距离估计方法[J].仪器仪表学报,2015,36(3):499-506
[11] Peng N.A SVM reliability evaluation model for component-based software systems[C]∥2013 2nd International Symposium on Instrumentation and Measurement,Sensor Network and Automation (IMSNA).IEEE,2013:704-708
[12] Pirzadeh H,Hamou-Lhadj A.A software behaviour analysisframework based on the human perception systems:NIER track[C]∥2011 33rd International Conference on Software Enginee-ring (ICSE).IEEE,2011:948-951
[13] Sderstrm O,Moradian E.Secure Audit Log Management[J].Procedia Computer Science,2013,22:1249-1258
[14] Chen Song,Wang Guang-wei,Liu Xin-yu,et al.Research on the Evaluation of Information System Security[J].Communications Technology,2012,45(1):128-130(in Chinese)陈颂,王光伟,刘欣宇,等.信息系统安全风险评估研究[J].通信技术,2012,45(1):128-130
[15] Jsang A,Bradley D,Knapskog S J.Belief-based risk analysis[C]∥Proceedings of the second workshop on Australasian Information Security,Data Mining and Web Intelligence,and Software Internationalisation-Volume 32.Australian Computer Socie-ty,Inc.,2004:63-68
[16] Tian J F,Zhu Y.Trusted Software Construction Model Based on Trust Shell[J].Advanced Materials Research,2011,186:251-255
[17] Guo Jin-yu,Zhang Zhong-bin,Sun Qing-yun.Study and Application of Analytic Hierarchy Process[J].China Safety Science Journal,2008,18(5):148-153(in Chinese)郭金玉,张忠彬,孙庆云.层次分析法的研究与应用[J].中国安全科学学报,2008,18(5):148-153
[18] Shi L,Yang S.The evaluation of software trustworthiness with FAHP and FTOPSIS methods[C]∥International Conference on Computational Intelligence and Software Engineering,2009(CiSE 2009).IEEE,2009:1-5
[19] Tian Jun-feng,Zhang Ya-jiao.Checkpoint trust evaluation me-thod based on Markov[J].Journal on Communications,2015,36(1):230-236(in Chinese) 田俊峰,张亚姣.基于马尔可夫的检查点可信评估方法[J].通信学报,2015,36(1):230-236
[20] Hu Yong.Research on the Evaluation of Information System Security[D].Chengdu:Sichuan University,2007(in Chinese)胡勇.网络信息系统风险评估方法研究[D].成都:四川大学,2007
[21] Forrest S,Hofmeyr S A,Somayaji A,et al.A sense of self for unix processes[C]∥Proceedings of IEEE Symposium on Computer Security and Privacy.1996:120-128
[22] Xu Chan,Liu Xin,Wu Jian,et al.Software Behavior Evaluation System Based on BP Neural Network[J].Computer enginee-ring,2014,40(9):149-154(in Chinese)徐婵,刘新,吴建,等.基于 BP 神经网络的软件行为评估系统[J].计算机工程,2014,40(9):149-154

Metrics

Viewed

Full text

Abstract

Cited

Shared

Discussed