Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Program operation characteristic extracting method for detecting vulnerability model

A technology of program feature and model detection, applied in instruments, electrical digital data processing, platform integrity maintenance, etc., can solve the problem of repeated work affecting the detection speed, etc., to achieve the effect of speeding up the detection speed and overcoming the repeated work

Inactive Publication Date: 2010-12-22
NANJING UNIV
View PDF0 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] The object of the present invention is: to propose a detection target for a software vulnerability model based on the vulnerability model, aiming at the problems of a large amount of repetitive work and affecting the detection speed in the current software vulnerability detection method, based on the state machine model of the software vulnerability, using the control flow graph and Data flow analysis technology extracts the program features related to the state machine model of software vulnerabilities, and abstracts the software code to model, which can be used for static detection of vulnerabilities to determine the existence of the vulnerability model in the code

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Program operation characteristic extracting method for detecting vulnerability model
  • Program operation characteristic extracting method for detecting vulnerability model
  • Program operation characteristic extracting method for detecting vulnerability model

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0014] The working process of the inventive method is as Figure 1-Figure 4 shown.

[0015] figure 1 Shown is the overall structure and working principle of this method implementation. The purpose of this method is to analyze and filter the programs to be detected according to the operations involved in the vulnerability model. Therefore, it is necessary to load the vulnerability model from the database into the memory so that it can be used as a reference when analyzing the program; the program is loaded into the feature analysis process, and the required operations are extracted according to the information related to the operation of the vulnerability model to complete the abstraction of the program and obtain the program feature sequence.

[0016] figure 2 Indicates the vulnerability model loading process. The vulnerability model is composed of state nodes and directed edges of the vulnerability state machine. There are three types of state nodes: start, intermediat...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

A method of program feature extraction for detecting software vulnerability models comprises steps of 1) loading a vulnerability model from a database to a memory, using the vulnerability model as a reference when analyzing the program and creating a data structure of the vulnerability model, 2) loading a program and a feature analysis extracting process, abstracting software codes compiled via agcc, and extracting required operations according to the operating information related to the vulnerability model to obtain a sequence of program feature, namely a program feature sequence for detecting the vulnerability model. The loading process of the vulnerability model includes: the vulnerability model is composed of state nodes of the vulnerability state and the set of directed edges. The process of loading the program and extracting features includes extracting information related to the vulnerability state in a program control flow chart, and then organizing the information in terms of functions. The process of extracting the operating sequence related to the vulnerability model includes that each function program feature corresponds to one operation sequence linked list, and the operating sequence linked lists are organized in terms of functions, wherein the node of the operating sequence linked list is an operation or function related to the vulnerability state.

Description

technical field [0001] The invention relates to a computer software loophole detection method, in particular to a method for extracting program operation features of a loophole model based on the detection. Background technique [0002] As the size and complexity of software grow, so do the hidden security holes and the threat of loss from attacks. The fundamental solution to prevent system attacks and intrusions is to find and eliminate software defects before they are exploited. Software code detection for software security vulnerabilities is one of the important means to predict and prevent vulnerabilities. Vulnerability static detection is a more effective code vulnerability detection technology, and the vulnerability model detection method is one of the representative detection methods. In order to conduct model detection based on the vulnerability state machine model, we propose a program operation feature extraction method for vulnerability model detection to provid...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): G06F21/00G06F21/56
Inventor 曾庆凯张林
Owner NANJING UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products