Cargando…
Open source software security vulnerability detection based on dynamic behavior features
Open source software has been widely used in various industries due to its openness and flexibility, but it also brings potential security problems. Therefore, security analysis is required before using open source software. The current mainstream open source software vulnerability analysis technolo...
| Autores principales: | , , , , |
|---|---|
| Formato: | Online Artículo Texto |
| Lenguaje: | English |
| Publicado: |
Public Library of Science
2019
|
| Materias: | |
| Acceso en línea: | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC6707627/ https://www.ncbi.nlm.nih.gov/pubmed/31442278 http://dx.doi.org/10.1371/journal.pone.0221530 |
| _version_ | 1783445890359361536 |
|---|---|
| author | Li, Yuancheng Ma, Longqiang Shen, Liang Lv, Junfeng Zhang, Pan |
| author_facet | Li, Yuancheng Ma, Longqiang Shen, Liang Lv, Junfeng Zhang, Pan |
| author_sort | Li, Yuancheng |
| collection | PubMed |
| description | Open source software has been widely used in various industries due to its openness and flexibility, but it also brings potential security problems. Therefore, security analysis is required before using open source software. The current mainstream open source software vulnerability analysis technology is based on source code, and there are problems such as false positives, false negatives and restatements. In order to solve the problems, based on the further study of behavior feature extraction and vulnerability detection technology, a method of using dynamic behavior features to detect open source software vulnerabilities is proposed. Firstly, the relationship between open source software vulnerability and API call sequence is studied. Then, the behavioral risk vulnerability database of open source software is proposed as a support for vulnerability detection. In addition, the CNN-IndRNN classification model is constructed by improving the Independently Recurrent Neural Net-work (IndRNN) algorithm and applies to open source software security vulnerability detection. The experimental results verify the effectiveness of the proposed open source software security vulnerability detection method based on dynamic behavior features. |
| format | Online Article Text |
| id | pubmed-6707627 |
| institution | National Center for Biotechnology Information |
| language | English |
| publishDate | 2019 |
| publisher | Public Library of Science |
| record_format | MEDLINE/PubMed |
| spelling | pubmed-67076272019-09-04 Open source software security vulnerability detection based on dynamic behavior features Li, Yuancheng Ma, Longqiang Shen, Liang Lv, Junfeng Zhang, Pan PLoS One Research Article Open source software has been widely used in various industries due to its openness and flexibility, but it also brings potential security problems. Therefore, security analysis is required before using open source software. The current mainstream open source software vulnerability analysis technology is based on source code, and there are problems such as false positives, false negatives and restatements. In order to solve the problems, based on the further study of behavior feature extraction and vulnerability detection technology, a method of using dynamic behavior features to detect open source software vulnerabilities is proposed. Firstly, the relationship between open source software vulnerability and API call sequence is studied. Then, the behavioral risk vulnerability database of open source software is proposed as a support for vulnerability detection. In addition, the CNN-IndRNN classification model is constructed by improving the Independently Recurrent Neural Net-work (IndRNN) algorithm and applies to open source software security vulnerability detection. The experimental results verify the effectiveness of the proposed open source software security vulnerability detection method based on dynamic behavior features. Public Library of Science 2019-08-23 /pmc/articles/PMC6707627/ /pubmed/31442278 http://dx.doi.org/10.1371/journal.pone.0221530 Text en © 2019 Li et al http://creativecommons.org/licenses/by/4.0/ This is an open access article distributed under the terms of the Creative Commons Attribution License (http://creativecommons.org/licenses/by/4.0/) , which permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are credited. |
| spellingShingle | Research Article Li, Yuancheng Ma, Longqiang Shen, Liang Lv, Junfeng Zhang, Pan Open source software security vulnerability detection based on dynamic behavior features |
| title | Open source software security vulnerability detection based on dynamic behavior features |
| title_full | Open source software security vulnerability detection based on dynamic behavior features |
| title_fullStr | Open source software security vulnerability detection based on dynamic behavior features |
| title_full_unstemmed | Open source software security vulnerability detection based on dynamic behavior features |
| title_short | Open source software security vulnerability detection based on dynamic behavior features |
| title_sort | open source software security vulnerability detection based on dynamic behavior features |
| topic | Research Article |
| url | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC6707627/ https://www.ncbi.nlm.nih.gov/pubmed/31442278 http://dx.doi.org/10.1371/journal.pone.0221530 |
| work_keys_str_mv | AT liyuancheng opensourcesoftwaresecurityvulnerabilitydetectionbasedondynamicbehaviorfeatures AT malongqiang opensourcesoftwaresecurityvulnerabilitydetectionbasedondynamicbehaviorfeatures AT shenliang opensourcesoftwaresecurityvulnerabilitydetectionbasedondynamicbehaviorfeatures AT lvjunfeng opensourcesoftwaresecurityvulnerabilitydetectionbasedondynamicbehaviorfeatures AT zhangpan opensourcesoftwaresecurityvulnerabilitydetectionbasedondynamicbehaviorfeatures |