Method for discovering memory destruction vulnerability based on natural language understanding function prototype

A natural language understanding and function technology, applied in the fields of electrical digital data processing, instrumentation, calculation, etc., can solve the problem of false negatives, and achieve the effect of reducing false negatives
CN112783755APending Publication Date: 2021-05-11上海蜚语信息科技有限公司
0 Cites 0 Cited by

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
上海蜚语信息科技有限公司
Publication Date
2021-05-11

Smart Images

  • Figure 1
    Figure 1
  • Figure 2
    Figure 2
  • Figure 3
    Figure 3
Patent Text Reader

Abstract

The invention provides a method for discovering a memory destruction vulnerability based on a natural language understanding function prototype, and relates to the field of software security. The method comprises the following steps: 1, extracting a function prototype in a source code as a to-be-compared function prototype; 2, extracting corpora in the annotations to generate a self-adaptive corpus; 3, performing function prototype segmentation on the to-be-compared function prototype by using the adaptive corpus, and segmenting the to-be-compared function prototype into a group of words or phrases; 4, selecting a function prototype with known function semantics as a reference function prototype, and judging the type of the function prototype to be compared through the reference function prototype; and 5, marking the source code to be detected by using the matching information in the function matching list, and detecting the memory destructive vulnerability by taking the function vulnerability rule as the input of symbolic execution. In the method, the missing report generated in the static source code vulnerability detection is reduced by extracting the memory management function in the source code.
Need to check novelty before this filing date? Find Prior Art

Description

technical field

[0001] The invention relates to the field of software security, in particular to a method for discovering memory corruption loopholes based on natural language understanding function prototypes. Background technique

[0002] A large part of the reason for memory corruption vulnerabilities is that software developers do not properly manage dynamic memory. Managing dynamic memory usually includes relatively complex memory management logic, so software developers usually use memory management functions for dynamic memory management. However, incorrect use of memory management functions can lead to memory destructive vulnerabilities (for example, after freeing memory, use this memory immediately and release the same memory repeatedly), in static source code vulnerability detection, detection Methods for memory corruption vulnerabilities include: pattern matching, symbolic execution, pointer analysis, etc. Effectively discovering possible memory corruption vulne...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More