Open AccessOpen source software security vulnerability detection based on dynamic behavior features
Author(s) -
Yuancheng Li,
Longqiang Ma,
Liang Shen,
Junfeng Lv,
Pan Zhang
Publication year - 2019
Publication title -
plos one
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.99
H-Index - 332
ISSN - 1932-6203
DOI - 10.1371/journal.pone.0221530
Subject(s) - computer science , software security assurance , vulnerability (computing) , vulnerability management , false positive paradox , software , computer security , source code , data mining , vulnerability assessment , artificial intelligence , operating system , information security , security service , psychology , psychological resilience , psychotherapist
Open source software has been widely used in various industries due to its openness and flexibility, but it also brings potential security problems. Therefore, security analysis is required before using open source software. The current mainstream open source software vulnerability analysis technology is based on source code, and there are problems such as false positives, false negatives and restatements. In order to solve the problems, based on the further study of behavior feature extraction and vulnerability detection technology, a method of using dynamic behavior features to detect open source software vulnerabilities is proposed. Firstly, the relationship between open source software vulnerability and API call sequence is studied. Then, the behavioral risk vulnerability database of open source software is proposed as a support for vulnerability detection. In addition, the CNN-IndRNN classification model is constructed by improving the Independently Recurrent Neural Net-work (IndRNN) algorithm and applies to open source software security vulnerability detection. The experimental results verify the effectiveness of the proposed open source software security vulnerability detection method based on dynamic behavior features.