基于模糊度量的软件漏洞检测技术研究

Vulnerability detection research based on fuzzy measure

本文根据有限状态自动机和模型检测的思想,结合模糊数学对行为分析的优势,提出基于模糊度量的软件漏洞检测技术,并利用漏洞属性分解和模糊状态转移函数使此技术具有自学习机制和更高效广泛的检测能力。实验测试了利用模糊度量的软件漏洞检测技术可以提高漏洞发现率和给出漏洞的危急程度。

According to finite state automata and model checking,and the advantage of fuzzy math on the behavior analysis,vulnerability detection method based on fuzzy measure.We exploited vulnerability property of decomposition and fuzzy state transition function to make the model more efficient with a wide range of testing capabilities and self-learning mechanism. Experimental test of software using fuzzy metric detection techniques can increase the vulnerability discovery rate and given the extent of the critical vulnerabilities.