Computer Science ›› 2015, Vol. 42 ›› Issue (5): 183-187.doi: 10.11896/j.issn.1002-137X.2015.05.037

Previous Articles     Next Articles

Method for Software Vulnerability Discovery Based on Soft Set and Multi-attribute Comprehensiveness

TANG Cheng-hua, TIAN Ji-long, WANG Lu, WANG Li-na and QIANG Bao-hua   

  • Online:2018-11-14 Published:2018-11-14

Abstract: Aiming at the problem of the vulnerability coverage and artificial defect review in the software vulnerability detection,a method for software vulnerability discovery based on the soft set and multi-attribute comprehensiveness was proposed.Firstly,based on trusted integrated detection tools,an evaluation model of software vulnerability factors was established.Secondly,the soft set was introduced to measure vulnerability factors,then the serious impact on software security was determined through the method of multi-attribute comprehensive integration tools,and the discovery process of software vulnerability was finally completed.Experimental results show that the method has better detection capabilities for vulnerability in different level ,which provides a feasible way for the improvement of software vulnerability detection false positive rate and false negative rate.

Key words: Software vulnerability,Soft set,Attribute set,False negative rate,False positive rate

[1] 陈平,韩浩,沈晓斌,等.基于动静态程序分析的整形漏洞检测工具[J].电子学报,2010,38(8):1741-1747
[2] 张大林,金大海,宫云战,等.基于缺陷关联的静态分析优化[J].软件学报,2014,25(2):386-399
[3] Williams C C,Hollingsworth J K.Automatic mining of source code repositories to improve bug finding techniques[J].Journal of IEEE Transactions on Software Engineering,2005,31(6):466-480
[4] Nahid S,Amel M,Edgardo M de O,et al.An advanced approach for modeling and detecting software vulnerabilities[J].Information and Software Technology,2012,54(9):997-1013
[5] Ren J D,Cai B L,He H T,et al.A method for detecting software vulnerabilities based on clustering and model analyzing[J].Journal of Computational Information Systems,2011,7(4):1065-1073
[6] Zhang Ruo-yu,Huang Shi-qiu,Qi Zheng-wei,et al.Static pro-gram analysis assisted dynamic taint tracking for software vulnerability discovery[J].Computers & Mathematics with Applications,2012,63(2):469-480
[7] 孔德光,郑烇,陈超,等.基于数据融合的源代码静态分析漏洞检测技术[J].小型微型计算机系统,2008,29(6):1109-1112
[8] 李鑫,李京春,郑雪峰,等.一种基于层次分析法的信息系统漏洞量化评估方法[J].计算机科学,2012,39(7):58-63
[9] 周亮,李俊娥,陆天波,等.信息系统漏洞风险定量评估模型研究[J].通信学报,2009,30(2):71-76
[10] 李珍,田俊峰,杨晓晖.基于检查点分级属性的软件动态可信评测模型[J].计算机研究与发展,2013,0(11):2397-2405

No related articles found!
Full text



No Suggested Reading articles found!