计算机技术 |
|
|
|
|
基于漏洞指纹的软件脆弱性代码复用检测方法 |
刘臻, 武泽慧, 曹琰, 魏强 |
信息工程大学 数学工程与先进计算国家重点实验室, 河南 郑州 450001 |
|
Software vulnerable code reuse detection method based on vulnerability fingerprint |
LIU Zhen, WU Ze-hui, CAO Yan, WEI Qiang |
State Key Laboratory of Mathematical Engineering and Advanced Computing, Information Engineering University, Zhengzhou 450001, China |
引用本文:
刘臻, 武泽慧, 曹琰, 魏强. 基于漏洞指纹的软件脆弱性代码复用检测方法[J]. 浙江大学学报(工学版), 2018, 52(11): 2180-2190.
LIU Zhen, WU Ze-hui, CAO Yan, WEI Qiang. Software vulnerable code reuse detection method based on vulnerability fingerprint. JOURNAL OF ZHEJIANG UNIVERSITY (ENGINEERING SCIENCE), 2018, 52(11): 2180-2190.
链接本文:
http://www.zjujournals.com/eng/CN/10.3785/j.issn.1008-973X.2018.11.017
或
http://www.zjujournals.com/eng/CN/Y2018/V52/I11/2180
|
[1] LOPES C V, MAJ P, MARTINS P, et al. DejaVu:a map of code duplicates on GitHub[J/OL]. Proceedings of the ACM on Programming Languages, 2017, 1(OOPSLA):84[2017-11-28] . http://delivery.acm.org/10.1145/3140000/3133908/oopsla17-oopsla176.pdf.
[2] BLACK DUCK SOFTWARE. 2017 Open source security and risk analysis report[R/OL]. (2017-4-18)[2017-11-28] . https://www.blackducksoftware.com/open-source-security-risk-analysis-2017.
[3] KOROLOV M. Attacks based on open source vulnerabilities will rise 20 percent this year[R/OL]. (2017-1-17)[2017-11-28] . http://www.csoonline.com/article/3157377/application-development/report-attacks-based-on-open-source-vulnerabilities-will-rise-20-percent-this-year.html.
[4] JONES E L. Metrics based plagiarism monitoring[J]. Journal of Computing Sciences in Colleges, 2001, 16(4):253-261.
[5] ROY C K, CORDY J R, KOSCHKE R, et al. Comparison and evaluation of code clone detection techniques and tools:a qualitative approach[J]. Science of Computer Programming, 2009, 74(7):470-495.
[6] JANG J, ABEER A, DAVID B. ReDeBug:finding unpatched code clones in entire OS distributions[C]//IEEE Symposium on Security and Privacy. San Francisco:IEEE, 2012:48-62.
[7] LI H, KWON H, KWON J, et al. CLORIFI:software vulnerability discovery using code clone verification[J]. Concurrency and Computation Practice and Experience, 2016, 28(6):1900-1917.
[8] 甘水滔, 秦晓军, 陈左宁, 等. 一种基于特征矩阵的软件脆弱性代码克隆检测方法[J]. 软件学报, 2015, 26(2):348-363 GAN Shui-tao, QIN Xiao-jun, CHEN Zuo-ning, et al. Software vulnerability code clone detection method based on characteristic metrics[J]. Journal of Software, 2015, 26(2):348-363
[9] LI Z, ZOU D, XU S, et al. VulPecker:an automated vulnerability detection system based on code similarity analysis[C]//Conference on Computer Security Applications. Los Angeles:ACM, 2016:201-213.
[10] KIM S, WOO S, LEE H, et al. VUDDY:a scalable approach for vulnerable code clone discovery[C]//Security and Privacy. San Jose:IEEE, 2017:595-614.
[11] ROY C K, CORDY J R. NICAD:accurate detection of near-miss intentional clones using flexible pretty-printing and code normalization[C]//The 16th IEEE International Conference on Program Comprehension. Amsterdam:IEEE, 2008:172-181.
[12] KAWAMITSU N, ISHIO T, KANDA T, et al. Identifying source code reuse across repositories using LCS-based source code similarity[C]//International Working Conference on Source Code Analysis and Manipulation. Victoria:IEEE, 2014:305-314.
[13] 常超, 刘克胜, 赵军, 等. 基于复用代码检测的缺陷发现方法[J]. 系统工程与电子技术, 2017, 9(39):2157-2164 CHANG Chao, LIU Ke-sheng, ZHAO Jun, et al. Clone flaw detection method based on clone code detection[J]. Systems Engineering and Electronics, 2017, 9(39):2157-2164
[14] PARR T. Another tool for language recognition[EB/OL]. (2013-5-20)[2017-11-28] . http://www.antlr.org/
[15] 田振洲, 刘烃, 郑庆华, 等. 软件抄袭检测研究综述[J]. 信息安全学报, 2016(3):52-76 TIAN Zhen-zhou, LIU Ting, ZHENG Qing-hua, et al. Software plagiarism detection:a survey[J]. Journal of Cyber Security, 2016(3):52-76
[16] LI Z, LU S, MYAGMAR S, et al. CP-Miner:finding copy-paste and related bugs in large-scale software code[J]. IEEE Transactions on Software Engineering, 2006, 32(3):176-192.
[17] SAJNANI H, SAINI V, SVAJLENKO J, et al. SourcererCC:scaling code clone detection to big-code[C]//38th International Conference on Software Engineering. Austin:ACM, 2016:1157-1168. |
|
Viewed |
|
|
|
Full text
|
|
|
|
|
Abstract
|
|
|
|
|
Cited |
|
|
|
|
|
Shared |
|
|
|
|
|
Discussed |
|
|
|
|