嵌入式多任务操作下可信软件的漏洞挖掘方法  

作　　者：张志慧[1] 张利桃 ZHANG Zhi-hui;ZHANG Li-tao(School of Artificial Intelligence and Big Data,Hulunbuir University,Hulunbuir Inner Mongolia 021008,China;Inner Mongolia Normal University,Hohhot Inner Mongolia 010000,China)

机构地区：[1]呼伦贝尔学院人工智能与大数据学院,内蒙古呼伦贝尔021008 [2]内蒙古师范大学,内蒙古呼和浩特010000

出　　处：《计算机仿真》2024年第8期486-490,共5页Computer Simulation

基　　金：基于科研大数据的热点分析与智能推荐技术研究(2023ZKYB04);自治区十四五项目(NGJGH2023148)。

摘　　要：嵌入式多任务操作系统中存在多个任务同时运行,彼此之间有交互和共享资源的情况,增加了可信软件漏洞挖掘的复杂性。为了有效地挖掘漏洞,提出嵌入式多任务操作下可信软件漏洞挖掘方法。将嵌入式多任务可信软件程序源代码转换为代码属性图,通过切片操作保留其中与敏感操作相关的有价值信息,采用编码处理代码属性图为特征张量并调节其为固定形状。构建嵌入式多任务可信软件漏洞挖掘模型,引入粒子群优化算法和离散粒子群优化算法分别优化网络参数和特征图连接结构,构建最优深度卷积神经网络模型,将特征张量输入至模型中,实现嵌入式多任务操作下可信软件漏洞挖掘。实验结果表明,所提方法漏报率在5%以下、误报率在10%以下,且ROC曲线理想、漏洞挖掘时间短。In embedded multitasking operating systems,there are multiple tasks running simultaneously,interacting and sharing resources with each other,which increases the complexity of trustworthy software vulnerability mining.To effectively mine vulnerabilities,a method for mining trusted software vulnerabilities under embedded multi-task operation was presented.Firstly,the source code of the trusted software program of embedded multi-task system was converted into a code property graph.Through slicing operations,valuable information related to sensitive operations was retained.Then,the code property graphs were processed by encoding technique as feature tensors.Meanwhile,they were adjusted to a fixed shape.Furthermore,a model of mining trusted software vulnerability was constructed.After that,particle swarm optimization algorithm and discrete particle swarm optimization algorithm were introduced to optimize the network parameters and the feature graph connection structure respectively.Finally,an optimal deep convolutional neural network model was built,and then the feature tensors were input into the model to achieve the trusted software vulnerability mining under embedded multi-task operation.The experimental results show that the proposed method has a false negative rate of less than 5%,as well as a false positive rate of less than 10%.In addition,the ROC curve is ideal,and vulnerability mining time is short as well.

关 键 词：嵌入式 多任务操作 可信软件 漏洞挖掘 模糊测试 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]