Authors: 郭威 (GUO Wei) [1,2], 武泽慧 (WU Zehui), 吴茜琼 (WU Qianqiong), 李锡星 (LI Xixing) (School of Cyberspace Security, University of Information Engineering, Zhengzhou 450001, China; State Key Laboratory of Mathematical Engineering and Advanced Computing, Information Engineering University, Zhengzhou 450001, China)
Affiliations: [1] School of Cyberspace Security, Information Engineering University, Zhengzhou 450001; [2] State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou 450001
Source: Computer Science (《计算机科学》), 2023, No. 1, pp. 373-379 (7 pages)
Funding: National Key R&D Program of China (2019QY0501).
Abstract: The widespread use of public software component libraries speeds up software development but also expands the attack surface of the software that depends on them. A vulnerability in a public component library is replicated across every program that links that library file, and because of compatibility, stability and development-delay concerns such vulnerabilities are hard to fix and have long patching cycles. Software composition analysis is an important means of addressing this problem, but because the selected features are often weakly discriminative and precise features are difficult to extract from public component libraries, its accuracy is low and it generally stops at identifying the kind of component rather than the exact library. This paper proposes a feature-extraction method for public component libraries based on cross-fingerprint analysis. A fingerprint database is built from 25000 open-source projects on GitHub, and cross-fingerprints of component libraries are extracted through source-code string role classification, exported-function fingerprint analysis and binary compilation fingerprint analysis, enabling precise identification of public component libraries. A prototype tool, LVRecognizer, was developed and evaluated on 516 real-world programs, achieving a precision of 94.74%.
Classification: TP311 [Automation and Computer Technology: Computer Software and Theory]