Jin Li, Jinfu Chen, Minhuan Huang, Minmin Zhou, Lin Zhang, Wanggen Xie
Published in 2017 IEEE Trustcom/BigDataSE/ICESS, 2017-08-01. DOI: https://doi.org/10.1109/Trustcom/BigDataSE/ICESS.2017.341
An Integration Testing Platform for Software Vulnerability Detection Method
Software vulnerability detection is an important way of discovering existing loopholes in software in order to ensure information security. With the rapid development of information technology in our society, a large variety of application software with various potential vulnerabilities has emerged. Therefore, timely discovery and repair of these loopholes before they are exploited by attackers can effectively reduce the threat to the information system. It is of great significance for us to take the initiative to explore and analyze system security loopholes, so that the danger or threat to the system will be effectively reduced. From previous research on software vulnerability detection, we have found that each of the existing vulnerability detection methods or tools performs well only in some particular situations. In order to overcome this shortcoming and improve the existing detection methods, in this paper we present a more accurate and complete analysis of current mainstream detection methods and design a set of evaluation criteria for different detection methods. Meanwhile, we also propose and design an integrated test framework on which we can test and compare typical static analysis methods and dynamic mining methods, so that we can obtain an intuitive comparative analysis of the results. Finally, we report an experimental analysis that verifies the feasibility and effectiveness of the proposed evaluation method and the testing framework; the results show that the final test results will serve as a form of guidance to aid the selection of the most appropriate and effective method or tools in vulnerability detection activity.