基于人机交互大数据的软件源码漏洞检测仿真  被引量：1

作　　者：赵焕平[1] 薛党勤[2] 尚展垒 ZHAO Huan-ping;XUE Dang-qin;SHANG Zhan-lei(School of Computer and Software,Nanyang Institute of Technology,Nanyang Henan 473004,China;School of Intelligent Manufacturing,Nanyang Institute of Technology,Nanyang Henan 473004,China;School of Computer and Communication Engineering,Zhengzhou University of Light Industry,Zhengzhou Henan 450002,China)

机构地区：[1]南阳理工学院计算机与软件学院,河南南阳473004 [2]南阳理工学院智能制造学院,河南南阳473004 [3]郑州轻工业大学计算机与通信工程学院,河南郑州450002

出　　处：《计算机仿真》2023年第11期388-392,465,共6页Computer Simulation

基　　金：河南省科技攻关项目(142102210554)。

摘　　要：为防止软件使用者受到不法侵害和个人信息泄露,研究基于人机交互大数据的软件源码漏洞检测仿真方法。创建包含三个模块的软件源码漏洞检测模型,将IE浏览器作为客户端软件,使用源码获取模块的网络爬虫算法获取客户端软件的可疑软件源码,生成可疑软件源码集合,利用源码主动访问模块的高交互式客户端蜜罐技术,主动访问集合内重要度较高的元素,构成可疑软件源码检测点集合,据其运用软件源码漏洞检测模块的混合深度学习模型,实现软件源码漏洞检测。实验结果表明,上述方法的可疑软件源码抓取效率较高,且抓取覆盖率始终高于95%;所提方法的软件源码漏洞检测个数和所处位置与实际结果完全吻合。In order to prevent software users from illegal infringement and personal information disclosure,the simulation method of software source code vulnerability detection was studied based on human-computer interaction big data.Create a software source code vulnerability detection model including three modules,take IE browser as the client software,use the web crawler algorithm of the source code acquisition module to obtain the suspicious software source code of the client software,generate the suspicious software source code collection,and use the highly interac-tive client honeypot technology of the source code active access module to actively access the elements with high im-portance in the collection,constitute a collection of suspicious software source code detection points,and realize soft-ware source code vulnerability detection by using the hybrid deep learning model of software source code vulnerability detection module.The experimental results show that this method has high efficiency in capturing suspicious software source code,and the capture coverage is always higher than 95%;The number and location of software source code vulnerabilities detected by this method are completely consistent with the actual results.

关 键 词：人机交互 大数据 软件源码 漏洞检测仿真 网络爬虫 蜜罐技术 

分 类 号：TP311[自动化与计算机技术—计算机软件与理论]