Research on Gene Security Detection Technology of Power Information System Software Based on Semantic Slicing


Authors: 史丽鹏 (SHI Lipeng); 常杰 (CHANG Jie); 左晓军 (ZUO Xiaojun); 侯波涛 (HOU Botao); 方芳 (FANG Fang) (State Grid Hebei Energy Technology Service Co., Ltd., Shijiazhuang 050021, China; State Grid Hebei Electric Power Co., Ltd. Pingxiang County Power Supply Branch, Pingxiang 054500, China)

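Affiliations: [1] State Grid Hebei Energy Technology Service Co., Ltd., Shijiazhuang, Hebei 050021; [2] State Grid Hebei Electric Power Co., Ltd. Pingxiang County Power Supply Branch, Shijiazhuang, Hebei 054500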

Source: Hebei Electric Power (《河北电力技术》), 2025, No. 1, pp. 66-70 (5 pages)

Funding: State Grid Hebei Energy Technology Service Co., Ltd. (TSS2023-09).

Abstract: Common vulnerability detection platforms for power information systems, such as OSV-Scanner and sqlmap, mainly find vulnerabilities through active scanning, which sends specific requests and analyzes the responses, or through passive scanning, which inspects and analyzes network traffic. This approach is prone to false positives and has low detection efficiency. This paper therefore proposes a semantic-slicing-based software gene security detection method for power information systems. By constructing interprocedural and intraprocedural software slices and training a random forest model on them, the method automatically identifies which code fragments or behavior patterns are most closely related to security vulnerabilities and outputs a corresponding security prediction probability for unlabeled code. It addresses two problems: the inability to deploy offline because of gene library updates, and the low gene recognition accuracy caused by malicious program transformations. This supports the development of lightweight software gene security detection tools with high recognition rates for power information systems. Compared with traditional detection methods, the method was used to analyze common vulnerabilities such as SQL injection, cross-site scripting, buffer overflow, unauthorized access, denial-of-service attacks, configuration errors, and SCADA system vulnerabilities; detection accuracy improved by 20% and detection efficiency by nearly 15%.

Keywords: power information system; software gene; security detection; semantic slicing

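Classification: TP309.5 [Automation and Computer Technology: Computer System Architecture]; TM769 [Automation and Computer Technology: Computer Science and Technology]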

 
