{"title":"利用分析代码图表示的算法组合搜索软件漏洞","authors":"G. S. Kubrin, D. P. Zegzhda","doi":"10.3103/S0146411623080126","DOIUrl":null,"url":null,"abstract":"<p>This article analyzes the existing methods for searching for software vulnerabilities. For methods using deep learning models on a graph representation of the code, the problem of imaginary relationships between procedures is formulated, which complicates their application to code analysis problems. To solve the formulated problem, an iterative method is proposed based on an ensemble of algorithms for analyzing the graph representation of the code. The method relies on a step-by-step narrowing of the set of code sections under consideration to increase the efficiency of using highly computationally complex methods. For the proposed method, a prototype of a system for searching for vulnerabilities for programs based on the .NET platform is presented, tested on a sample of NIST SARD and software with a large amount of code.</p>","PeriodicalId":46238,"journal":{"name":"AUTOMATIC CONTROL AND COMPUTER SCIENCES","volume":"57 8","pages":"947 - 957"},"PeriodicalIF":0.6000,"publicationDate":"2024-02-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Searching for Software Vulnerabilities Using an Ensemble of Algorithms for the Analysis of a Graph Representation of the Code\",\"authors\":\"G. S. Kubrin, D. P. Zegzhda\",\"doi\":\"10.3103/S0146411623080126\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<p>This article analyzes the existing methods for searching for software vulnerabilities. For methods using deep learning models on a graph representation of the code, the problem of imaginary relationships between procedures is formulated, which complicates their application to code analysis problems. To solve the formulated problem, an iterative method is proposed based on an ensemble of algorithms for analyzing the graph representation of the code. The method relies on a step-by-step narrowing of the set of code sections under consideration to increase the efficiency of using highly computationally complex methods. For the proposed method, a prototype of a system for searching for vulnerabilities for programs based on the .NET platform is presented, tested on a sample of NIST SARD and software with a large amount of code.</p>\",\"PeriodicalId\":46238,\"journal\":{\"name\":\"AUTOMATIC CONTROL AND COMPUTER SCIENCES\",\"volume\":\"57 8\",\"pages\":\"947 - 957\"},\"PeriodicalIF\":0.6000,\"publicationDate\":\"2024-02-29\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"AUTOMATIC CONTROL AND COMPUTER SCIENCES\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://link.springer.com/article/10.3103/S0146411623080126\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q4\",\"JCRName\":\"AUTOMATION & CONTROL SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"AUTOMATIC CONTROL AND COMPUTER SCIENCES","FirstCategoryId":"1085","ListUrlMain":"https://link.springer.com/article/10.3103/S0146411623080126","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"AUTOMATION & CONTROL SYSTEMS","Score":null,"Total":0}
Searching for Software Vulnerabilities Using an Ensemble of Algorithms for the Analysis of a Graph Representation of the Code
This article analyzes the existing methods for searching for software vulnerabilities. For methods using deep learning models on a graph representation of the code, the problem of imaginary relationships between procedures is formulated, which complicates their application to code analysis problems. To solve the formulated problem, an iterative method is proposed based on an ensemble of algorithms for analyzing the graph representation of the code. The method relies on a step-by-step narrowing of the set of code sections under consideration to increase the efficiency of using highly computationally complex methods. For the proposed method, a prototype of a system for searching for vulnerabilities for programs based on the .NET platform is presented, tested on a sample of NIST SARD and software with a large amount of code.
期刊介绍:
Automatic Control and Computer Sciences is a peer reviewed journal that publishes articles on• Control systems, cyber-physical system, real-time systems, robotics, smart sensors, embedded intelligence • Network information technologies, information security, statistical methods of data processing, distributed artificial intelligence, complex systems modeling, knowledge representation, processing and management • Signal and image processing, machine learning, machine perception, computer vision
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
