Vulnerability identification technology research based on project version difference
The open source code hosting platform has brought power and opportunities to software development, but there are also many security risks.The open source code has poor quality, the dependency libraries of projects are complex and vulnerability collection platforms are inadequate in collecting vulner...
Saved in:
| Main Authors: | , , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
POSTS&TELECOM PRESS Co., LTD
2022-02-01
|
| Series: | 网络与信息安全学报 |
| Subjects: | |
| Online Access: | http://www.cjnis.com.cn/thesisDetails#10.11959/j.issn.2096-109x.2021094 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1841529780003930112 |
|---|---|
| author | Cheng HUANG Mingxu SUN Renyu DUAN Susheng WU Bin CHEN |
| author_facet | Cheng HUANG Mingxu SUN Renyu DUAN Susheng WU Bin CHEN |
| author_sort | Cheng HUANG |
| collection | DOAJ |
| description | The open source code hosting platform has brought power and opportunities to software development, but there are also many security risks.The open source code has poor quality, the dependency libraries of projects are complex and vulnerability collection platforms are inadequate in collecting vulnerabilities.All these problems affect the security of open source projects and complex software with open source complements and most security patches can't be discovered and applied in time.Thus, the hackers could be easily found such vulnerable software.To discover the vulnerability in the open source community fully and timely, a vulnerability identification system based on project version difference was proposed.The update contents of projects in the open source community were collected automatically, then features were defined as security behaviors and code differences from the code and log in patches, 40 features including comment information feature group, page statistics feature group, code statistics feature group and vulnerability type feature group were proposed to build feature set.And random forest model was built to learn classifiers for vulnerability identification.The results show that VpatchFinder achieves a precision rate of 0.844, an accuracy rate of 0.855 and a recall rate of 0.851.Besides, 68.07% of community vulnerabilities can be early discovered by VpatchFinder in real open source CVE vulnerabilities.This research result can improve the current issue in software security architecture design and development. |
| format | Article |
| id | doaj-art-33ad52fb64f94c1a9a00ff795157301a |
| institution | Kabale University |
| issn | 2096-109X |
| language | English |
| publishDate | 2022-02-01 |
| publisher | POSTS&TELECOM PRESS Co., LTD |
| record_format | Article |
| series | 网络与信息安全学报 |
| spelling | doaj-art-33ad52fb64f94c1a9a00ff795157301a2025-01-15T03:15:35ZengPOSTS&TELECOM PRESS Co., LTD网络与信息安全学报2096-109X2022-02-018526259571238Vulnerability identification technology research based on project version differenceCheng HUANGMingxu SUNRenyu DUANSusheng WUBin CHENThe open source code hosting platform has brought power and opportunities to software development, but there are also many security risks.The open source code has poor quality, the dependency libraries of projects are complex and vulnerability collection platforms are inadequate in collecting vulnerabilities.All these problems affect the security of open source projects and complex software with open source complements and most security patches can't be discovered and applied in time.Thus, the hackers could be easily found such vulnerable software.To discover the vulnerability in the open source community fully and timely, a vulnerability identification system based on project version difference was proposed.The update contents of projects in the open source community were collected automatically, then features were defined as security behaviors and code differences from the code and log in patches, 40 features including comment information feature group, page statistics feature group, code statistics feature group and vulnerability type feature group were proposed to build feature set.And random forest model was built to learn classifiers for vulnerability identification.The results show that VpatchFinder achieves a precision rate of 0.844, an accuracy rate of 0.855 and a recall rate of 0.851.Besides, 68.07% of community vulnerabilities can be early discovered by VpatchFinder in real open source CVE vulnerabilities.This research result can improve the current issue in software security architecture design and development.http://www.cjnis.com.cn/thesisDetails#10.11959/j.issn.2096-109x.2021094vulnerability detectionopen source platformsecurity patchmachine learning |
| spellingShingle | Cheng HUANG Mingxu SUN Renyu DUAN Susheng WU Bin CHEN Vulnerability identification technology research based on project version difference 网络与信息安全学报 vulnerability detection open source platform security patch machine learning |
| title | Vulnerability identification technology research based on project version difference |
| title_full | Vulnerability identification technology research based on project version difference |
| title_fullStr | Vulnerability identification technology research based on project version difference |
| title_full_unstemmed | Vulnerability identification technology research based on project version difference |
| title_short | Vulnerability identification technology research based on project version difference |
| title_sort | vulnerability identification technology research based on project version difference |
| topic | vulnerability detection open source platform security patch machine learning |
| url | http://www.cjnis.com.cn/thesisDetails#10.11959/j.issn.2096-109x.2021094 |
| work_keys_str_mv | AT chenghuang vulnerabilityidentificationtechnologyresearchbasedonprojectversiondifference AT mingxusun vulnerabilityidentificationtechnologyresearchbasedonprojectversiondifference AT renyuduan vulnerabilityidentificationtechnologyresearchbasedonprojectversiondifference AT sushengwu vulnerabilityidentificationtechnologyresearchbasedonprojectversiondifference AT binchen vulnerabilityidentificationtechnologyresearchbasedonprojectversiondifference |