Jisuanji kexue yu tansuo (Sep 2021)
Operation System Vulnerabilities Analysis Based on Code Clone Detection
Abstract
Software vulnerability detection based on code clone detection technology is an important direction in the static analysis of software vulnerability. At present, the existing software vulnerability detection tools have deficie-ncies in the vulnerability detection for large-scale code sets, and lack of optimization for the vulnerability characte-ristics of the operating system. Therefore, based on the code clone detection technology, this paper proposes a method for detecting the vulnerability of the operating system. Firstly, on the basis of the general “code representation-extracting features-feature comparison” detection process, a pre-screening mechanism based on the type of operating system software package and function code size is added to exclude most irrelevant code before performing code representation. Secondly, the basic information of the function, the label sequence and the control flow path are selected to extract the code features, and the similarity between the fragile code and the code under test is compared step by step. Finally, experiments are conducted on typical open source operating systems with fragile samples obtained from the public vulnerability database. The results show that the pre-screening can effectively reduce the code size of the test subjects, and the average accuracy of the detection results reaches 84%.
Keywords
