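Author: SUN Junlin (孙俊琳) (Department of Information Engineering, Yantai Vocational College, Yantai 264000, Shandong, China)
Affiliation: [1] Department of Information Engineering, Yantai Vocational College, Yantai 264000, Shandong, China
Source: Journal of Shanghai Dianji University (《上海电机学院学报》), 2023, No. 2, pp. 105-109, 116 (6 pages)
Funding: Shandong Province Education Science "13th Five-Year Plan" annual project "Research on the Path and Teaching Strategies for the Intelligent Upgrading of Traditional Majors in Higher Vocational Colleges against the Background of the Industrial 'Three Replacements'" (2020ZC364).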
Abstract: There are many types of software vulnerability attribute information, and the information flow in a container is updated quickly, which is prone to burst traffic that affects the accuracy of vulnerability detection. To improve the performance of malware vulnerability detection in containers, a detection method based on information flow analysis is proposed. First, the information flow of malicious software in the container is obtained from the burst traffic generated by information flow transmission. Using the ordered set of malware vulnerability nodes, the basic attribute information of software vulnerabilities is collected; the feature space of malware vulnerabilities is established with an automatic window mechanism; and the characteristics of malware vulnerabilities in the container are mined by means of additional incentives. A software vulnerability model is constructed by extracting the feature values of software vulnerabilities. By calculating the security risk value of any node in the software, an empirical threshold of the attack success rate is given. Combined with the risk situation of the malware in the container, the vulnerabilities of the malware in the container are detected. The experimental results show that the missed detection rate and the false detection rate can be controlled within 4% when software vulnerabilities are detected by the proposed method.
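Keywords: information flow analysis; vulnerability detection; malware; feature mining; malicious attack; running program
Classification number: TP309 [Automation and Computer Technology - Computer System Architecture]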