CN101452469B - Software safety defect library system based on attack mode and management method thereof - Google Patents
Software safety defect library system based on attack mode and management method thereof Download PDFInfo
- Publication number
- CN101452469B CN101452469B CN2008101544322A CN200810154432A CN101452469B CN 101452469 B CN101452469 B CN 101452469B CN 2008101544322 A CN2008101544322 A CN 2008101544322A CN 200810154432 A CN200810154432 A CN 200810154432A CN 101452469 B CN101452469 B CN 101452469B
- Authority
- CN
- China
- Prior art keywords
- safety defect
- software safety
- software
- defect
- classification
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Landscapes
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
- Stored Programmes (AREA)
Abstract
The invention discloses a software security defect database system based on an attack mode, which comprises a construction unit of a security defect database, a management unit of the security defect database, and a security defect body. The software security defect database system is characterized in that the construction unit of the security defect database comprises the steps of establishing a mapping from the attack mode to a software defect structure, establishing a mapping from the attack mode to a security defect and a mapping from the security defect to a corresponding alleviation proposal, and constructing the two mappings into a unified model; and the management unit of the security defect database comprises a security defect information acquisition module and a security defect information classification module, wherein information acquisition is based on WEB subject mining technology, and defect classification is based on body technology. The software security defect database system simultaneously combines external attack mode analysis and a security-oriented software development cycle to construct a security defect database model, so as to reduce security defects of software products and improve the quality of software, thereby the software security defect database system meets different demands on software security defect examples in different stages and can be used for supporting the data service of the security defect model.
Description
Technical field
The present invention relates to a kind of software building method, particularly relate to a kind ofly in software development cycle, find and solution based on the software safety defect of attack mode.
Background technology
Along with the raising of popularizing and the credible aspect of software security being required of internet, software safety defect causes the exploitation present situation of software can not be satisfactory.Software defect is the composition that does not satisfy specified requirement in the software work product, is the immanent cause that causes software fault and even inefficacy.Its generation is through the whole software Project Development Life Cycle, to fundamentally reduce the cost of development of secure and trusted software, improve the reliability that is developed software, just must promptly pay close attention to such software safety defect problem and character at commitments such as demand, designs.Attack mode is described the action process that external attacker is attacked system implementation, its at target and system defect have corresponding relation, and software safety defect is the security hidden trouble of software inherence, is to be produced by the improper processing in software development, deployment, the use.At present, the research about software trust and safety mainly contains three angles: 1) from software developer's angle, research software security engineering method is learned; 2) from assailant's angle, discover the new attack method, how to use and defend these attack methods; 3) from software itself, discovery, management and the use of research software self-defect.
From the viewpoint of software systems, the software security problem is to be hidden in its inner software safety defect and from the interactional product of the attack of system outside.Current domestic and international research mostly isolatedly unilaterally conducts a research from above-mentioned two, do not have systematically in conjunction with the mutual relationship between assailant, software safety defect and the software development process three and influence each other, thereby coupling system attack mode well, the software security problem that the classification and the administrative institute of software safety defect brought.
In sum, the present invention's key problem of attempting to solve comprises: from the attack mode to the software safety defect and relax the corresponding relation of scheme; Treat attack method pattern and software safety defect from the visual field of SDLC, establish software safety defect classification and management system, necessary knowledge storehouse and management tool are provided; And how to set up setting and realization, the establishment of software process capability baseline and the problem of optimization that sophisticated software safety defect classification and management system ensure the tracking of the planning of software quality management and enforcement, software safety defect and management, software quality target.
Summary of the invention
In view of above-mentioned technical matters, the present invention proposes a kind of software safety defect Database Systems machine handing method based on attack mode, in the software development cycle that comprises the stages such as demand analysis, design and coding, in conjunction with parsing to attack mode, by making up software safety defect library, realize automatic discovery, classification and the management of software safety defect.
The present invention proposes a kind of software safety defect Database Systems machine handing method based on attack mode, comprise construction unit and the administrative unit and the software safety defect body of software safety defect database, the construction unit of described software safety defect database comprises the mapping of foundation from the attack mode behavior sequence to the software safety defect structure; Foundation also comprises the mapping of safety defect and corresponding mitigation scheme from the attack mode and the mapping of safety defect, and above two mappings are built into unified model;
The administrative unit of software safety defect database comprises software safety defect information gathering, two modules of classification, wherein:
Software safety defect information gathering module is specified initial URL to describe by administrator interface and is grasped tabulation, and calculates the Webpage correlation degree and select URL in the process of focused crawler extracting tabulation, tabulates with abundant the extracting; Select page stores by the webpage selector switch, and set up index;
Software safety defect information classification module, according to the software safety defect that takes out from attack mode, set up the software safety defect body, be used to judge the defective classification, realize the function of keyword matching, the standard of setting a new defective of judgement is: calculate current defective and the similarity that has had classification, when similarity all is lower than threshold value, newly-built classification in the storehouse, otherwise select the highest classification of similarity as class under the newly-increased software safety defect; The span of this threshold value is 0.2-0.5;
Software safety defect information to above-mentioned two modules acquisition, adopt text analysis technique further therefrom to extract software safety defect, and be converted into the data that satisfy software safety defect database storing structure, utilize the body of software safety defect classification to judge the defective classification, and add new class or add new.
Described software safety defect structure comprises the level of defective sign, preposition/postcondition, defective.
Described mitigation scheme is broken down into the repeatably individual mitigation of some independences, and is created as reusable mitigation scheme base as overall mitigation scheme.
Described attack mode is taken from the attack mode storehouse in safe coding stage, and this attack mode Cooley obtains with the system vulnerability testing tool; Be that a large amount of attack modes are collected, summed up the prototype database that the back is set up, use when Map Interface is provided for the extraction software safety defect; Described software safety defect is taken from the mitigation scheme base of software security design phase or is misapplied routine storehouse, this mitigation scheme base is utilized respectively and is threatened modeling tool or demand for security analysis tool to obtain, be a reusable mitigation scheme database that forms by the combination independent alternative, the corresponding software safety defect of finding; This is misapplied routine Cooley and obtains with the demand for security analysis tool, provide the demand for security analysis phase with in the illustration, the function that the misuse example of represent software safety defect and use-case mate; The software safety defect library utilization of software security design phase threatens modeling tool to obtain, be based on and threaten tree/attack tree-model that the software safety defect structural information is provided, the software safety defect sorting technique, the implementation procedure of software safety defect stage division, and further support initiatively to provide relevant solution based on the program analysis technique and the support of characteristic matching.
With above-mentioned three phases, be that the aid collection that is provided in demand for security analysis phase, Safety Design stage and safe coding stage is encapsulated as service interface, be in demand for security tool interface, Safety Design tool interface and the safe coding tool interface, and hide inside with the encapsulation of UDDI form and realize, when the user uses, according to different needs, can directly call the required service interface by the mode that remote interface calls.
Described software safety defect body comprises to be set up a series of matched rules, corresponding weights, is used to judge the threshold value of whether adding a new software safety defect class.
After described software safety defect database encapsulates, issue based on the web service interface.
The invention allows for the software safety defect data base management method based on the software safety defect Database Systems of attack mode, this method may further comprise the steps:
The administrative unit of software safety defect database comprises software safety defect information gathering, two modules of classification, information gathering, and Software Defects Classification is based on ontology; Wherein:
Software safety defect information gathering operation based on WEB theme digging technology: specify initial URL to describe by administrator interface and grasp tabulation, and in the process of focused crawler extracting tabulation, calculate the Webpage correlation degree and select URL, tabulate with abundant the extracting; Select page stores by the webpage selector switch, and set up index;
Software safety defect sort operation based on software safety defect classification body technology: according to the software safety defect that takes out from attack mode, set up the software safety defect body, be used to judge the software safety defect classification, realize the function of keyword matching, setting the standard of judging a new software safety defect is: calculate current defective and the similarity that has classification, when similarity all is lower than threshold value, newly-built classification in the storehouse, otherwise select the highest classification of similarity as class under the newly-increased software safety defect, the span of this threshold value is 0.2-0.5.
To above-mentioned two software safety defect information that operation obtains, adopt text analysis technique further therefrom to extract software safety defect, and be converted into the data that satisfy software safety defect database storing structure, utilize the body of classification of defects to judge the defective classification, and add new class or new item.
Compared with prior art, the present invention simultaneously makes up the software safety defect database model in conjunction with extraneous attack mode analysis and towards the fail-safe software construction cycle, to reduce the software product safety defect, improve software quality, thereby satisfy the different demands of different phase to the software safety defect example, can be used for the data, services of support software safety defect model, the good effect that the present invention brought comprises:
1, proposes the construction method of software safety defect database, be used to instruct the structure of software safety defect database.The user can make up the characteristic defect database that meets own demand according to this method, increases work efficiency, and reduces manpower, financial resource consumption;
2, proposition from the technical basis of new visual angle research classification of defects, thereby is enriched the research in defect model field based on the classification of defects method of attack mode.Utilize ontology to enrich the defective semantic information simultaneously, improved the accuracy of classification of defects technology, make to new in-stockroom operation efficient higher;
3, developed the software safety defect database application in software requirement analysis, design and coding aid collection, and by web service service technology database is encapsulated in the later stage, realize operations such as inquiry, renewal, maintenance for the user provides interface, improved user's commercial efficiency.
Description of drawings
Fig. 1 is the overall construction drawing of the software safety defect library system based on attack mode of the present invention;
Fig. 2 is the safety defect database management module figure of the software safety defect system based on attack mode of the present invention.
Embodiment
Defective is effectively classified and management helps improving software project management level and quality.Dynamically collect and the management software safety defect by setting up software safety defect library, for storage, classification and the management of software safety defect provides favourable space.In order to realize this target, need to formulate classification of defects method at the fail-safe software safety defect library.The purpose of classification is that software safety defect is measured process reason, improvement software process, prevention software defect, the improvement software quality that produces with the analysis software safety defect, the degree of ripeness that improves the software development ability of tissue.
Mentality of designing of the present invention comprises:
1) taxonomic hierarchies of research attack mode and software defect is concluded the mapping relations from attack mode to the software defect structure, provides a kind of formal fail-safe software engineering development methodology.
2) construction method of a software safety defect database is proposed, based on semantic network technology, design and Implement one comprise the attack mode storehouse, misapply routine storehouse, the software security exploitation case knowledge base of software safety defect library, mitigation scheme base etc.
3) based on Internet technology, automatic discovery, identification, the sorting technique of research new attack pattern and defective, and the active update mechanism of the classification of defective mechanism and defect database, develop corresponding tool set, excavate by web and from network, to catch new software safety defect automatically, realize fast and effectively the content of database being enriched in the mode of robotization.
4) assisting software development tool set of exploitation based on defect database, function such as replacement is filtered and is selected in the search that possesses software defect, assist and in software development process, seek security breaches and recommend the mitigation scheme, so that software development promptly find potential safety hazard in early days, and provide rational solution.
Quadrature classification of defects method is adopted in software safety defect classification of the present invention, this method summary frequency that the different software defective occurs in software development process, the analyzing defect data are to the major defect type proportion in each stage and add up, and can observe out the variation tendency of various defect types at successive stages significantly.The actual distribution situation and the ideal distribution model of every kind of defect type are compared, can know clearly whether the actual distribution of defect type exists anomaly trend.This feedback is very important to performance history, in the timely on the first appearance stopped process of anomaly trend, and the problem in the solution process, thus save cost, reduction risk.
The final goal that defective is managed is to reduce the occurrence rate of defective to greatest extent, thereby improves the quality of software product.Memorandum is a most basic effect of fault management system.Generation of defects, change need in time be notified the related personnel, make it can inquire about the defective data of different situations at any time.Project administrator should be able in time fully understand present item status, and monitoring is also adjusted defective data.Carry out the purpose of defect management, promptly reach the number of defects that reduces software product effectively by collecting steps such as defective, analysis and statistical shortcomings, eliminating defective and prevention defective.The defective of having collected is carried out statistical study, sum up the reason that defective occurs, to reach the purpose of prevention.Achieve this end, the defective source of carrying out quantitative test must be arranged, this just determines and must each defective of finding be managed.
General structure of the present invention comprises construction unit 10 and the administrative unit 20 and the safety defect body 30 of software safety defect database as shown in Figure 1:
1, the construction unit 10 of safety defect database
This unit comprises the mapping of foundation from attack mode to the software defect structure, comprise the mapping of attack mode 101 and safety defect 102, be that attack mode behavior sequence and defect sturcture (identify as defective, preposition postcondition, the level of defective) mapping also comprises the mapping of software safety defect 102 and corresponding mitigation scheme 103, and mitigation scheme 103 is as overall mitigation scheme, be broken down into the repeatably individual mitigation of some independences, and be created as reusable mitigation scheme base.On this basis, unified these two mappings make up unified model.
Above-mentioned attack mode 101 is taken from the attack mode storehouse 107 in safe coding stage 110, and this attack mode storehouse 107 utilizes the system vulnerability testing tool to obtain; Above-mentioned software safety defect 102 is taken from the mitigation scheme base 105 of software security design phase 109 or is misapplied routine storehouse 104, this mitigation scheme base 105 is utilized respectively and is threatened that modeling tool or demand for security analysis tool obtain, this misapplies routine storehouse 104 and utilize the demand for security analysis tool to obtain, above-mentioned mitigation scheme is taken from the software safety defect library 106 in Safety Design stage 109, and the software safety defect library utilization of software security design phase 109 threatens modeling tool to obtain.Software safety defect database of the present invention can also be issued based on the web service interface after encapsulating.
The structure of software safety defect database
According to database construction method, the software safety defect database of being set up has 4 branch storehouses:
(1) attack mode storehouse
Be that a large amount of attack modes are collected, summed up the prototype database that the back is set up, use when Map Interface is provided for the extraction software safety defect.
(2) misapply routine storehouse
Using in the illustration of demand for security analysis phase is provided, represents the misuse example of software safety defect and the function of use-case coupling.
(3) software safety defect library
Provide defect sturcture information based on threat tree/attack tree-model, the classification of defects method, the implementation procedure of defect system method, and further support initiatively to provide relevant solution based on the program analysis technique and the support of characteristic matching.
(4) relax scheme base
By the reusable mitigation scheme database that the combination independent alternative forms, the corresponding software safety defect of finding.
2, the administrative unit 20 of software safety defect database
The administrative unit 20 of software safety defect database comprises software safety defect information gathering, two modules of classification, and information gathering is based on WEB theme digging technology, and classification of defects is based on ontology.The architecture of software safety defect database management module is as shown in Figure 2:
Information gathering is specified initial URL to describe by administrator interface 201 and is grasped tabulation 202, and calculates the Webpage correlation degree and select URL in the process of focused crawler 203 extracting tabulations 202, so that abundant the extracting tabulates 202; 204 significance levels of being responsible for calculating webpage of webpage selector switch, in case find the centre type webpage, and dynamically determine the access order of webpage thus, the page and memory page information 205 that the selection of assessment webpage meets the demands.
Software safety defect divides time-like, according to the software safety defect that takes out from attack mode, sets up " software safety defect " body 30, is used to judge the defective classification, realizes the function of keyword matching.Content comprises to be set up the corresponding weights of a series of matched rules, foundation, sets up threshold value and be used to judge whether add a new defective class.Initial setting judges that the standard of a new defective is: calculate current defective and the similarity (being weights) that has classification, when similarity all is lower than threshold value, newly-built classification in the storehouse, otherwise select the highest classification of similarity as class under the newly-increased software safety defect.
At last, according to the information of this two aspect, adopt text analysis technique further therefrom to extract software safety defect, and be converted into the data that satisfy software safety defect database storing structure, utilize the body of classification of defects to judge the defective classification, and add new class or add new.
Database of the present invention has two different application point:
Application point one: database application of the present invention is developed life cycle in fail-safe software, comprise 3 different phases: the demand for security stage, the demand for security analysis tool is provided, determines attack mode, the defective classification of use-case ownership and find corresponding mitigation scheme; Design phase, provide in the extendible fail-safe software development environment and threaten modeling tool; Coding stage provides the system vulnerability testing tool based on source code, and based on the model detection validation of pushdown automata.The attack mode that research is represented the finite-state automata form and the modeling method of software safety defect; Utilize the control flow graph of program that program's source code is modeled as pushdown automata simultaneously.The verification algorithm that uses a model is afterwards verified these two models, judges the security breaches in the code.
Application point two: with database application of the present invention in the web ISP: use web encapsulated in service manner software safety defect database, software safety defect access of database interface service program is provided, and issue standards registration with UDDI and issue these information on services, thereby reduce user resources consumption, and provide service for other user of the higher order of magnitude.
On the application point of above-mentioned database, in the software product performance history, based on the software safety defect database of having set up, can be by the aid collection that uses defect database to provide in 3 different phases of performance history, find the software safety defect in the software product and solution is provided, thus the security feature of raising product.
1, the demand for security stage: software security demand analysis instrument is provided.When the user need carry out the demand for security analysis, this instrument uses illustration as input with what the user provided, branch storehouse-routine storehouse of misuse with the software safety defect database is analyzed as the data basis, content comprises the scanning illustration, obtain use-case and between relation, according to features such as the title of use-case and execution routes thereof, with the routine storehouse of misuse than equity.This instrument is used for finding whether use-case exists software safety defect, and the output result provides corresponding mitigation scheme by searching database branch storehouse-mitigation scheme base afterwards for the attack mode that software safety defect belonged to, the defective classification of discovery.
2, the Safety Design stage: provide in the extendible fail-safe software development environment and threaten modeling tool.Functional module 1: the graphical modeling function of band drag and drop is provided, and assistant analysis and designer are to the software modeling that impends.From the software illustration that the software developer provides, obtain the information such as assets information, information flow, trust boundaries of software in the activity diagram, make up based on the threat model that threatens tree.Functional module 2: based on the threat tree-model of setting up in the functional module 1, and each attribute description of the defect entry in the Fen Ku-software safety defect library of comparable data storehouse, class figure implement security is checked, assessment threatens the security attribute of model, comprise qualitative analysis and quantitative Analysis, obtain to attack the descending sort of the extent of injury.According to assessment result, formulate the mitigation scheme and generate the fail-safe software exploitation document of software design stage.
3, the safe coding stage: the system vulnerability testing tool based on source code is provided.With the data basis of software safety defect database as this static code analysis instrument, the source code that provides with the user is as input, this instrument is represented attack mode with a finite-state automata (FSA), the execution of a security related operations is just represented in the conversion of FSA, and the end-state of FSA is with regard to the precarious position of representation program, program can reach this state just expression might be attacked.Utilize the control flow graph of program that program's source code is modeled as pushdown automata (PDA) again, the verification algorithm that uses a model is at last verified this two models.This testing result can judge whether there are security breaches in the code as the output of instrument.
In order to improve the versatility in notebook data storehouse, the aid collection that above-mentioned three phases is provided is encapsulated as the form issue of service interface simultaneously, and the visit calling function is provided, and satisfies more users and uses.The aid set that above-mentioned three phases is realized is divided in three functional modules (demand for security tool interface, Safety Design tool interface and safe coding tool interface), hides inner the realization with the encapsulation of UDDI form.When the user uses, according to different needs, can directly call required service by the mode that remote interface calls, reduce user resources consumption, the complex internal of fulfillment database is realized the transparence to the user.
On the data base administration angle, because the software safety defect database can not comprise all defectives, the meeting of new safety defect constantly occurs, if the user needs the automatic renewal of fulfillment database or self-defining software safety defect is manually added to database, the notebook data storehouse provides corresponding instrument, realizes that mechanism is found and imported to the software safety defect of robotization.
1, the preliminary work stage:, set up ontology model from semantic angle analysis security feature according to the software safety defect that takes out from attack mode.This ontology model constructs the Web page classifying device and is used to filter the information that focused crawler grasps from web.
2, the database update stage: specify initial URL to describe the extracting target by administrator interface, and in focused crawler extracting object procedure, calculate the Webpage correlation degree and select abundant extracting of URL to tabulate; The webpage selector switch then is responsible for calculating the significance level of webpage, finds the centre type webpage, and dynamically determines the access order of webpage thus, the page and storage that the selection of assessment webpage meets the demands; Adopt text analysis technique further therefrom to extract software safety defect afterwards, and be converted into the data that satisfy software safety defect database storing structure, utilize the body of classification of defects to judge the defective classification, and add new class or add new.
In sum, to be supported in three different phases in the software development process be that software adds security feature in the notebook data storehouse; Provide simultaneously and initiatively find the software safety defect that exists on the network, and the method by the key word fuzzy matching realizes add-ins initiatively to existing classification or initiatively add the function of new classification, and the Dynamic Maintenance database function.
Claims (9)
1. software safety defect Database Systems based on attack mode, the construction unit and administrative unit and the software safety defect body that comprise the software safety defect database, it is characterized in that, the construction unit of described software safety defect database comprises the mapping from the attack mode behavior sequence to the software safety defect structure, also comprise the mapping of software safety defect and corresponding mitigation scheme, and above two mappings are built into unified model;
The administrative unit of software safety defect database comprises software safety defect information gathering, two modules of classification, wherein,
Software safety defect information gathering module is specified initial URL to describe by administrator interface and is grasped tabulation, and calculates the Webpage correlation degree and select URL in the process of focused crawler extracting tabulation, tabulates with abundant the extracting; Select page stores by the webpage selector switch, and set up index;
Software safety defect information classification module, according to the software safety defect that takes out from attack mode, set up the software safety defect body, be used to judge the defective classification, realize the function of keyword matching, the standard of setting a new defective of judgement is: calculate current defective and the similarity that has had classification, when similarity all is lower than threshold value, newly-built classification in the storehouse, otherwise select the highest classification of similarity as class under the newly-increased software safety defect, the span of this threshold value is 0.2-0.5;
Software safety defect information to above-mentioned two modules acquisition, adopt text analysis technique further therefrom to extract software safety defect, and be converted into the data that satisfy software safety defect database storing structure, utilize the body of software safety defect classification to judge the defective classification, and add new class or add new.
2. the software safety defect Database Systems based on attack mode as claimed in claim 1, it is characterized in that, the constructed software safety defect database of the construction unit of described software safety defect database has 4 branch storehouses: the attack mode storehouse, be that a large amount of attack modes are collected, summed up the prototype database that the back is set up, use when Map Interface is provided for the extraction software safety defect; Misapply routine storehouse, using in the illustration of demand for security analysis phase is provided, represent the misuse example of software safety defect and the function of use-case coupling; Software safety defect library, based on threatening tree/attack tree-model that the software safety defect structural information is provided, the software safety defect sorting technique, the implementation procedure of software safety defect stage division, and further support initiatively to provide relevant solution based on the program analysis technique and the support of characteristic matching; And mitigation scheme base.
3. the software safety defect Database Systems based on attack mode as claimed in claim 1 is characterized in that, described software safety defect structure comprises the level of defective sign, preposition/postcondition, defective.
4. the software safety defect Database Systems based on attack mode as claimed in claim 1, it is characterized in that, described mitigation scheme is broken down into the repeatably individual mitigation scheme of some independences, and is created as reusable mitigation scheme base as overall mitigation scheme.
5. the software safety defect Database Systems based on attack mode as claimed in claim 1, it is characterized in that, described attack mode is taken from the attack mode storehouse in safe coding stage, this attack mode Cooley obtains with the system vulnerability testing tool, be that a large amount of attack modes are collected, summed up the prototype database that the back is set up, use when Map Interface is provided for the extraction software safety defect; Described software safety defect is taken from the mitigation scheme base of software security design phase or is misapplied routine storehouse, this mitigation scheme base is utilized respectively and is threatened modeling tool or demand for security analysis tool to obtain, be a reusable mitigation scheme database that forms by the combination independent alternative, the corresponding software safety defect of finding; This is misapplied routine Cooley and obtains with the demand for security analysis tool, provide the demand for security analysis phase with in the illustration, the function that the misuse example of represent software safety defect and use-case mate; The software safety defect library utilization of software security design phase threatens modeling tool to obtain, be based on and threaten tree/attack tree-model that the software safety defect structural information is provided, the software safety defect sorting technique, the implementation procedure of software safety defect stage division, and further support initiatively to provide relevant solution based on the program analysis technique and the support of characteristic matching.
6. the software safety defect Database Systems based on attack mode as claimed in claim 1, it is characterized in that, the aid collection that demand for security analysis phase, Safety Design stage and safe coding stage are provided is encapsulated as service interface, be in demand for security tool interface, Safety Design tool interface and the safe coding tool interface, and hide inside with the encapsulation of UDDI form and realize, when the user uses, according to different needs, can directly call the required service interface by the mode that remote interface calls.
7. the software safety defect Database Systems based on attack mode as claimed in claim 1, it is characterized in that described software safety defect body comprises a series of matched rules, corresponding weights, is used to judge the threshold value of whether adding a new software safety defect class.
8. the software safety defect Database Systems based on attack mode as claimed in claim 1 is characterized in that, after described software safety defect database encapsulates, issue based on the web service interface.
9. the software safety defect data base management method of the software safety defect Database Systems based on attack mode as claimed in claim 1 is characterized in that this method may further comprise the steps:
The administrative unit of software safety defect database comprises software safety defect information gathering, two modules of classification, information gathering, and software safety defect is classified based on ontology; Wherein:
Software safety defect information gathering operation based on WEB theme digging technology: specify initial URL to describe by administrator interface and grasp tabulation, and in the process of focused crawler extracting tabulation, calculate the Webpage correlation degree and select URL, tabulate with abundant the extracting; Select page stores by the webpage selector switch, and set up index;
Software safety defect sort operation based on software safety defect classification body technology: according to the software safety defect that takes out from attack mode, set up the software safety defect body, be used to judge the software safety defect classification, realize the function of keyword matching, setting the standard of judging a new software safety defect is: calculate current defective and the similarity that has classification, when similarity all is lower than threshold value, newly-built classification in the storehouse, otherwise select the highest classification of similarity as class under the newly-increased software safety defect, the span of this threshold value is 0.2-0.5;
To above-mentioned two software safety defect information that operation obtains, adopt text analysis technique further therefrom to extract software safety defect, and be converted into the data that satisfy software safety defect database storing structure, utilize the body of software safety defect classification to judge the defective classification, and add new class or new item.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2008101544322A CN101452469B (en) | 2008-12-24 | 2008-12-24 | Software safety defect library system based on attack mode and management method thereof |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2008101544322A CN101452469B (en) | 2008-12-24 | 2008-12-24 | Software safety defect library system based on attack mode and management method thereof |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN101452469A CN101452469A (en) | 2009-06-10 |
| CN101452469B true CN101452469B (en) | 2011-03-23 |
Family
ID=40734703
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2008101544322A Active CN101452469B (en) | 2008-12-24 | 2008-12-24 | Software safety defect library system based on attack mode and management method thereof |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101452469B (en) |
Families Citing this family (13)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8296130B2 (en) * | 2010-01-29 | 2012-10-23 | Ipar, Llc | Systems and methods for word offensiveness detection and processing using weighted dictionaries and normalization |
| CN101833505B (en) * | 2010-04-30 | 2012-05-02 | 天津大学 | Method for detecting security bugs of software system |
| CN102810137A (en) * | 2012-06-13 | 2012-12-05 | 天津大学 | Establishing method and multiplexing method for multiplex attack mode in software security development |
| CN103226470B (en) * | 2013-03-21 | 2016-09-14 | 北京神州绿盟信息安全科技股份有限公司 | A kind of method and device determining check item weighted value based on BVS |
| CN103176905B (en) * | 2013-04-12 | 2016-11-09 | 北京邮电大学 | A kind of Defect Correlation method and device |
| US10574675B2 (en) | 2014-12-05 | 2020-02-25 | T-Mobile Usa, Inc. | Similarity search for discovering multiple vector attacks |
| US10216938B2 (en) * | 2014-12-05 | 2019-02-26 | T-Mobile Usa, Inc. | Recombinant threat modeling |
| CN107045439A (en) * | 2016-12-26 | 2017-08-15 | 天津大学 | Software security demand based on demand for security template obtains system and method |
| CN108400995B (en) * | 2018-06-07 | 2020-12-22 | 北京广成同泰科技有限公司 | Network attack identification method and system based on flow pattern comparison |
| CN110188046A (en) * | 2019-05-31 | 2019-08-30 | 北京银企融合技术开发有限公司 | Research and develop the assessment method and device of quality |
| CN110727947A (en) * | 2019-09-17 | 2020-01-24 | 苏州科达科技股份有限公司 | Security vulnerability processing method, device, equipment and readable storage medium |
| CN113886467B (en) * | 2021-10-25 | 2024-05-14 | 上海航天计算机技术研究所 | Software defect library maintenance method based on keyword extraction |
| CN115809466B (en) * | 2023-02-13 | 2023-04-07 | 天翼云科技有限公司 | Security requirement generation method and device based on STRIDE model, electronic equipment and medium |
-
2008
- 2008-12-24 CN CN2008101544322A patent/CN101452469B/en active Active
Also Published As
| Publication number | Publication date |
|---|---|
| CN101452469A (en) | 2009-06-10 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101452469B (en) | Software safety defect library system based on attack mode and management method thereof | |
| CN109347801B (en) | Vulnerability exploitation risk assessment method based on multi-source word embedding and knowledge graph | |
| Johnson et al. | A meta language for threat modeling and attack simulations | |
| Mohammad et al. | A novel intrusion detection system by using intelligent data mining in weka environment | |
| CN102034042B (en) | Novel unwanted code detecting method based on characteristics of function call relationship graph | |
| Murtaza et al. | A host-based anomaly detection approach by representing system calls as states of kernel modules | |
| CN108494810A (en) | Network security situation prediction method, apparatus and system towards attack | |
| CN107992746A (en) | Malicious act method for digging and device | |
| CN106778253A (en) | Threat context aware information security Initiative Defense model based on big data | |
| Goldman et al. | Information modeling for intrusion report aggregation | |
| CN112235283A (en) | Vulnerability description attack graph-based network attack evaluation method for power engineering control system | |
| CN104616092B (en) | A kind of behavior pattern processing method based on distributed information log analysis | |
| CN106709613A (en) | Risk assessment method suitable for industrial control system | |
| CN101853277A (en) | Vulnerability data mining method based on classification and association analysis | |
| CN108039959A (en) | Situation Awareness method, system and the relevant apparatus of a kind of data | |
| CN112165462A (en) | Attack prediction method and device based on portrait, electronic equipment and storage medium | |
| CN101950271A (en) | Modeling technology-based software security test method | |
| CN107360152A (en) | A kind of Web based on semantic analysis threatens sensory perceptual system | |
| CN106228068A (en) | Android malicious code detecting method based on composite character | |
| Ajdani et al. | Introduced a new method for enhancement of intrusion detection with random forest and PSO algorithm | |
| CN104679650A (en) | Method for evaluating credibility of software architecture oriented models | |
| CN114615063A (en) | Attack tracing method and device based on log correlation analysis | |
| CN115270131A (en) | Java anti-serialization vulnerability detection method and system | |
| Gorodetski et al. | The multi-agent systems for computer network security assurance: frameworks and case studies | |
| Aghimien et al. | A review of the application of data mining for sustainable construction in Nigeria |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20201130 Address after: No.150 Pingdong Avenue, Pingchao Town, Tongzhou District, Nantong City, Jiangsu Province Patentee after: Jiangsu Yongda power telecommunication installation engineering Co., Ltd Address before: 300072 Tianjin City, Nankai District Wei Jin Road No. 92 Patentee before: Tianjin University |