Software vulnerability discovery system and method based on attribute extraction

A software vulnerability and attribute extraction technology, applied in the field of computer security, can solve the problems of high requirements for analysts, difficult to find analysis points, and large test result sets.

Active Publication Date: 2015-01-07
CHONGQING UNIV OF POSTS & TELECOMM
View PDF4 Cites 24 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Among various vulnerability analysis techniques, although the manual testing technique is simple to implement, the testing process is highly dependent on the tester; Fuzzing technology has the advantages of easy vulnerability reproduction and no false positives, but it is not universal and has the disadvantages of long construction and testing cycles; The lack of comparison technology is greatly affected by compiler optimization; static analysis technology cannot find security holes in the dynamic running process of the program, the detection result set is large, and the false alarm rate is high; dynamic analysis technology can meet the needs of some security detection, but There are still relatively large limitations, such as low efficiency, not easy to find analysis points, and high requirements for analysts.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Software vulnerability discovery system and method based on attribute extraction
  • Software vulnerability discovery system and method based on attribute extraction
  • Software vulnerability discovery system and method based on attribute extraction

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0039] A non-limiting embodiment is given below in conjunction with the accompanying drawings to further illustrate the present invention. It should be understood, however, that these descriptions are exemplary only, and are not intended to limit the scope of the invention. Also, in the following description, descriptions of well-known structures and techniques are omitted to avoid unnecessarily obscuring the concept of the present invention.

[0040] Such as figure 1 Shown is a schematic diagram of the implementation structure of the present invention, including a discovery module, an analysis module, and a reasoning module. Specifically illustrate the detailed implementation process of the present invention, comprise following 3 steps:

[0041] S1: The test object completes the test analysis in the virtualized test environment, and combines multiple vulnerability analysis techniques for parallel analysis. The behavior of the test object is monitored by the virtual machine...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention provides a software vulnerability discovery system and method based on attribute extraction and belongs to the field of computer safety. The system comprises a key code discovery module, a vulnerability analyzing module and a vulnerability deduction module. The method includes the following steps: extracting key codes of software to be tested; executing the software to be tested in the virtual machine environment and adopting a virtual machine fault injection engine and the key codes to conduct testing interaction and record a testing result; conducting deduction by combining the testing result and the discovery experience knowledge base. The system and the method effectively achieve complex causal relationship between uncertain software flaw and loopholes. The software vulnerability discovery system method based on the attribute extraction has certain advantages in the aspects of safety, flexibility and compatibility.

Description

technical field [0001] The invention relates to the field of computer security, and relates to software loophole mining technology, in particular to a software loophole mining method based on attribute extraction. Background technique [0002] With the development of information technology, computer software plays an important role in various fields such as economy, education, and national defense. In this case, software security has become an important issue that people pay more and more attention to. Among them, loopholes refer to some functional or security logic defects in the system or software, including all factors that cause threats and damage the security of the computer system, and are the specific realization of the hardware, software, protocol or system security strategy of the computer system. flaws and deficiencies. Due to various reasons, the existence of vulnerabilities is inevitable. According to the statistics of vulnerability data collected by China Nati...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): G06F11/36
Inventor 肖云鹏刘亚刘宴兵徐光侠卢星宇钟晓宇蹇怡冉欢马晶
Owner CHONGQING UNIV OF POSTS & TELECOMM
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap