CN104102580A - Graph-mining-based electronic tax system software fault location method - Google Patents
Graph-mining-based electronic tax system software fault location method Download PDFInfo
- Publication number
- CN104102580A CN104102580A CN201410328005.7A CN201410328005A CN104102580A CN 104102580 A CN104102580 A CN 104102580A CN 201410328005 A CN201410328005 A CN 201410328005A CN 104102580 A CN104102580 A CN 104102580A
- Authority
- CN
- China
- Prior art keywords
- frequent subgraph
- tax system
- call
- system software
- frequent
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Abstract
The invention discloses a graph-mining-based electronic tax system software fault location method. The method includes: monitoring an executing process of electronic tax system software to be detected, to obtain a dynamic call structure of the software, establishing a call network graph of weights, and analyzing and discovering a frequent subgraph structure of the software during executing, by means of the graph mining technology. Whether or not the current electronic tax system software has abnormally called frequent subgraphs is determined by comparison according to an abnormal call frequent subgraph library of the electronic tax system software, and software fault detection and location are is achieved.
Description
Technical field
The invention belongs to software program calling graph and build and figure excavation applications, relate to a kind of E-Tax system software fault positioning method excavating based on figure.
Background technology
Tax revenue is country's topmost receipts form of (government) public finance and source, and along with the high speed development of information age, the super time and super space trend of economic activity starts to form challenge to traditional mode of declaring dutiable goods.Along with the reform of tax administration deepen continuously and perfect, adopt information-based, modern way to manage to become trend, electronic remote is declared to pay taxes becomes a kind of advanced person's the mode of declaring.Yet carry the E-Tax system software of the long-range mode of declaring dutiable goods owing to may having some bugs on stream, different software vulnerabilities can cause occurring different adverse consequencess.For example tax software login system exists leak may cause lawless person to steal the people's that declares dutiable goods account or password, then pretend to be or forge this people's identity of declaring dutiable goods and carry out the malice operation of declaring dutiable goods, this not only upsets the order of declaring dutiable goods normally, possibly legal taxpayer and country is caused to irremediable heavy economic losses simultaneously.Therefore detecting this work of electronic tax software vulnerability has very strong social demand and realistic meaning, but again the program in E-Tax system is carried out in the testing process of leak, existing technology all can not effectively realize the location of E-Tax system software fault, therefore serious impact maintenance and the processing of fail soft.
Summary of the invention
The object of the invention is to overcome the shortcoming of above-mentioned prior art, a kind of E-Tax system software fault positioning method excavating based on figure is provided, the method can effectively realize the location to E-Tax system software fault.
For achieving the above object, the E-Tax system software fault positioning method excavating based on figure of the present invention, is characterized in that, comprises the following steps:
S101) in E-Tax system, input E-Tax system software to be measured, then according to the E-Tax system software to be measured of input, adopt program dynamic time slice analysis method to obtain routine call structural relation;
S102) according to step S101) the routine call structural relation that obtains utilizes the section acquisition methods of time dimension to call path, then according to the network chart that calls of method call path construction Weighted Coefficients;
S103) to step S102) Weighted Coefficients that obtains call the excavation that network chart carries out frequent subgraph, obtain frequent subgraph structure, wherein, frequent subgraph is in E-Tax system software execute process to be measured, to call the invoked method set that frequency is greater than predetermined threshold value;
S104) by step S103) frequent subgraph in the frequent subgraph structure that obtains mates with the frequent subgraph of exception call in the frequent subgraph of exception call in E-Tax system storehouse, judges in E-Tax system software to be measured, whether there is abnormal frequent subgraph;
While S105) there is abnormal frequent subgraph in E-Tax system software to be measured, by the abnormal execution sequence of function and functional based method delineation in the corresponding E-Tax system software to be measured of described abnormal frequent subgraph, then according to the abnormal execution sequence of function corresponding to all abnormal frequent subgraphs and functional based method, build the method set that causes the system failure, then output causes the method set of the system failure.
Step S104) concrete operations are: by step S103) the frequent subgraph of exception call in frequent subgraph in the frequent subgraph structure that obtains and E-Tax system in the frequent subgraph of exception call storehouse contrasts, judge the diversity factor of the frequent subgraph of the exception call in the frequent subgraph of exception call storehouse in frequent subgraph in frequent subgraph structure and E-Tax system, when described diversity factor is less than or equal to predetermined threshold value, described frequent subgraph is abnormal frequent subgraph, when described similarity is greater than predetermined threshold value, described frequent subgraph is normal frequent subgraph.
Step S102) weights in are E-Tax system software to be measured invoked number of times of operational process Program call relation in E-Tax system.
Step S103) in to step S102) network chart that calls of the Weighted Coefficients that obtains adopts gSpan algorithm to carry out the excavation of frequent subgraph.
The present invention has following beneficial effect:
The E-Tax system software fault positioning method excavating based on figure of the present invention is in the process that the fault of E-Tax system software is positioned, employing program dynamic time slice analysis method is obtained routine call structural relation, and according to the network chart that calls of described routine call structural relation structure Weighted Coefficients, the excavation that network chart carries out frequent subgraph of calling to Weighted Coefficients again, and then by the frequent subgraph obtaining is mated with the frequent subgraph of exception call in the frequent subgraph of exception call in E-Tax system storehouse, thereby detect the frequent subgraph that whether has exception call in current group tax system software, finally according to the abnormal execution sequence of function corresponding to all abnormal frequent subgraphs and functional based method, build the method set that causes the system failure, and export the method set that this causes the system failure, thereby accurately realize the location of E-Tax system software fault, easy to operate simple, reusability is good, and extensibility is good.
Accompanying drawing explanation
Fig. 1 is process flow diagram of the present invention;
Fig. 2 is the process flow diagram that in the present invention, monitor data is processed;
Fig. 3 is the schematic diagram of dynamic call network struction in the present invention;
Fig. 4 is the process flow diagram that Program of the present invention is carried out the weighted graph structure of sequence.
Embodiment
Below in conjunction with accompanying drawing, the present invention is described in further detail:
With reference to figure 1, the E-Tax system software fault positioning method excavating based on figure of the present invention comprises the following steps:
S101) in E-Tax system, input E-Tax system software to be measured, then according to the E-Tax system software to be measured of input, adopt program dynamic time slice analysis method to obtain routine call structural relation;
It should be noted that, adopting the prerequisite of program dynamic time slice analysis method is first to need to obtain routine call structural relation, comprises the processing of monitor data and is related to two large divisions according to monitoring the dynamic call of daily record restore software.
With reference to figure 2, specifically comprise the following steps:
1) in to the monitor procedure of software systems, the interception that can carry out by method by the affiliated bag of its signature acquisition methods, class name, method name and parameter list, and start time and the end time of by obtaining system time, coming acquisition methods to carry out, but the relevant informational needs of execution route is by the relevant information of thread, self-organization is safeguarded a data structure that is similar to storehouse, wherein, include traceId, eoi, ess attribute, traceId is the sign of an execution route, also be the sign of a thread, eoi (excution order index) is the current method order of the execution in execution route for this reason, ess (excution stack size) is the degree of depth of calling of current execution route, eoi, ess increases since 0,
2) in the whole flow process of data preparation, for each method, first judge that whether it is the method that will monitor, if so, obtains the start time of its basic monitor message and execution, three variable traceId of initialization, eoi, ess.TraceId, eoi, tri-variable declarations of ess are ThreadLocal type, in a thread, share the same copy of these three data, different threads respectively has a copy, first judges whether it is the method for first execution in this thread after obtaining the essential information of monitoring, if not returning to the sign traceId of current thread, if but first method needs for it generates a unique thread identification traceId its eoi of initialization, ess is 0; If as do not needed the method for monitoring, directly operation, obtains current raceId, eoi, ess, and then preserve current eoi with local variable, and ess, traceId also generates the log recording that a method end time is 0;
3), by eoi++, ess++ manner of execution body, repeats this process when having method call in method again until method is carried out end;
4) last method is carried out the log recording of acquisition methods execution end time generation that is over again, finally the shared ess of thread is reset to current ess for the correctness of the method assurance data with layer execution.
The reduction of software dynamic call relation is the inverse operation of above-mentioned data processing, mainly by the traceId in monitoring record, eoi, the method call relation in tri-data restore software Dynamic Execution processes of ess.The record generating in software dynamic running process might not once all record according to traceId, because the application of multithreading is more and more now, so monitoring record is likely traceId interleaved recorded in physical record, so record need to be classified according to traceId in analysis monitoring record, and then the record of same traceId is built to its call relation according to the relation of eoi and ess field.
S102) according to step S101) the routine call structural relation that obtains utilizes the section acquisition methods of time dimension to call path, then according to the network chart that calls of method call path construction Weighted Coefficients;
Step S102) weights in are E-Tax system software to be measured invoked number of times of operational process Program call relation in E-Tax system.
With reference to figure 3 and Fig. 4, the method for calling network chart of described structure Weighted Coefficients:
(1) first monitoring record must be resolved;
(2) reducing its dynamic call is related to sequence;
And then according to partition strategy, call relation sequence is divided and the calling sequence being grouped together is combined the dynamic call network that builds software systems (3).
Dynamic time section is called network struction and will be related to following concept:
Call behavior (cb, call ing behavior)
The behavior cb of calling is exactly a method call in software running process, and it can be expressed as four-tuple a: cb
k=(t
k, Caller
k, Callee
k, Param
k)
Wherein, t
ktime while being exactly method call generation, and cb
kfor the behavior of calling, Caller
k, Callee
kfor corresponding method call person and callee, Param
kcallee while occurring for calling
kcorresponding parameter set.
Call behavior collection (CB, Calling Behavior Set)
Call behavior collection CB and call exactly behavior cb
korderly set, can be expressed as: CB={cb
k| k ∈ N}, wherein, k is just representing the sequence number of cb.
Calling graph (CG, Calling Graph)
Calling graph CG refers to an oriented weighted graph, and its structure depends on and calls behavior collection CB.Node is wherein the method for calling in behavior collection CB, the call relation that limit is method, and the weights on limit call the number of times that behavior occurs for this reason.
Calling graph CG=(V, E), wherein, V represents the set of method, E is the set of the call relation between these methods, has the corresponding same limit of the behavior of calling cb of identical Caller and Callee, and the weight on limit represents the quantity of the cb with identical Caller and Callee.
Call network (CN, Calling Network)
Call network C N and refer to the set of orderly calling graph CG, wherein, the order of calling graph CG be by the Constructing Policy that calls behavior collection CB, determined, so call the structure of network C N, be also to be determined by the structure that calls behavior collection CB, call network C N and can be defined as follows:
CN={CG
i|i∈N,CG
i=f
CG-Gen(Cb
i),CB
i∈CB}
Wherein, F
cG-Gen(CB
i) for generate the function of calling graph CG, CB from calling behavior collection CB
ifor what divide according to certain strategy from call behavior collection CB.
The actual execution time of method in software of take is reference, and the certain hour length of take is divided calling behavior cb as step-length, thereby generates calling graph CG.Suppose T
ifor CB
ithe time point starting, and Δ t regular time step-length, CB
ican be expressed as: CB
i={ cb
k| T
i≤ t
k< T
i+ Δ t}, wherein t
kfor cb
kin time, call network C N and be a dynamic operation information based on software systems and the oriented cum rights network with time sequence information that builds.
S103) to step S102) Weighted Coefficients that obtains call the excavation that network chart carries out frequent subgraph, obtain frequent subgraph structure, wherein, frequent subgraph is in E-Tax system software execute process to be measured, to call the invoked method set that frequency is greater than predetermined threshold value, is and calls key node set in network;
S104) by step S103) frequent subgraph in the frequent subgraph structure that obtains mates with the frequent subgraph of exception call in the frequent subgraph of exception call in E-Tax system storehouse, judges in E-Tax system software to be measured, whether there is abnormal frequent subgraph;
Step S103) in to step S102) network chart that calls of the Weighted Coefficients that obtains adopts gSpan algorithm to carry out the excavation of frequent subgraph.
GSpan algorithm key step is described below:
Utilize the frequent subgraph set that above algorithm is excavated representing frequent invoked method set in program process, be the key node set in routine call network.
Step S104) concrete operations are: by step S103) the frequent subgraph of exception call in frequent subgraph in the frequent subgraph structure that obtains and E-Tax system in the frequent subgraph of exception call storehouse contrasts, judge the diversity factor of the frequent subgraph of the exception call in the frequent subgraph of exception call storehouse in frequent subgraph in frequent subgraph structure and E-Tax system, when described diversity factor is less than or equal to predetermined threshold value, described frequent subgraph is abnormal frequent subgraph, when described similarity is greater than predetermined threshold value, described frequent subgraph is normal frequent subgraph, described pre-set threshold value is 30%-50%.
Wherein, the diversity factor Diff (S1, S2) of two frequent subgraphs is defined as, and in two frequent subgraphs, when subgraph scale (being nodes) is identical, has the absolute value of limit quantity with the difference of the ratio of total limit number of same edge relation in two frequent subgraphs.Suppose that frequent subgraph S1 is identical with S2 nodes, limit number is respectively E1, E2 separately, and the quantity of same edge is Ec.?
from definition, the two frequent higher Diff of subgraph structural similarity (S1, S2) numerical value are less, therefore can be according to figure scale setting Diff (S1, S2) threshold value, by be less than certain threshold value two frequent subgraph mode decisions be similar frequent subgraph.
While S105) there is abnormal frequent subgraph in E-Tax system software to be measured, by the abnormal execution sequence of function and functional based method delineation in the corresponding E-Tax system software to be measured of described abnormal frequent subgraph, then according to the abnormal execution sequence of function corresponding to all abnormal frequent subgraphs and functional based method, build the method set that causes the system failure, then output causes the method set of the system failure.
Claims (4)
1. the E-Tax system software fault positioning method excavating based on figure, is characterized in that, comprises the following steps:
S101) in E-Tax system, input E-Tax system software to be measured, then according to the E-Tax system software to be measured of input, adopt program dynamic time slice analysis method to obtain routine call structural relation;
S102) according to step S101) the routine call structural relation that obtains utilizes the section acquisition methods of time dimension to call path, then according to the network chart that calls of method call path construction Weighted Coefficients;
S103) to step S102) Weighted Coefficients that obtains call the excavation that network chart carries out frequent subgraph, obtain frequent subgraph structure, wherein, frequent subgraph is in E-Tax system software execute process to be measured, to call the invoked method set that frequency is greater than predetermined threshold value;
S104) by step S103) frequent subgraph in the frequent subgraph structure that obtains mates with the frequent subgraph of exception call in the frequent subgraph of exception call in E-Tax system storehouse, judges in E-Tax system software to be measured, whether there is abnormal frequent subgraph;
While S105) there is abnormal frequent subgraph in E-Tax system software to be measured, by the abnormal execution sequence of function and functional based method delineation in the corresponding E-Tax system software to be measured of described abnormal frequent subgraph, then according to the abnormal execution sequence of function corresponding to all abnormal frequent subgraphs and functional based method, build the method set that causes the system failure, then output causes the method set of the system failure.
2. the E-Tax system software fault positioning method excavating based on figure according to claim 1, it is characterized in that, step S104) concrete operations are: by step S103) the frequent subgraph of exception call in frequent subgraph in the frequent subgraph structure that obtains and E-Tax system in the frequent subgraph of exception call storehouse contrasts, judge the diversity factor of the frequent subgraph of the exception call in the frequent subgraph of exception call storehouse in frequent subgraph in frequent subgraph structure and E-Tax system, when described diversity factor is less than or equal to predetermined threshold value, described frequent subgraph is abnormal frequent subgraph, when described similarity is greater than predetermined threshold value, described frequent subgraph is normal frequent subgraph.
3. the E-Tax system software fault positioning method excavating based on figure according to claim 1, it is characterized in that step S102) in weights be E-Tax system software to be measured invoked number of times of operational process Program call relation in E-Tax system.
4. the E-Tax system software fault positioning method excavating based on figure according to claim 1, is characterized in that step S103) in to step S102) network chart that calls of the Weighted Coefficients that obtains adopts gSpan algorithm to carry out the excavation of frequent subgraph.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410328005.7A CN104102580B (en) | 2014-07-10 | 2014-07-10 | A kind of E-Tax system software fault positioning method excavated based on figure |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410328005.7A CN104102580B (en) | 2014-07-10 | 2014-07-10 | A kind of E-Tax system software fault positioning method excavated based on figure |
Publications (2)
Publication Number | Publication Date |
---|---|
CN104102580A true CN104102580A (en) | 2014-10-15 |
CN104102580B CN104102580B (en) | 2015-08-26 |
Family
ID=51670749
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201410328005.7A Active CN104102580B (en) | 2014-07-10 | 2014-07-10 | A kind of E-Tax system software fault positioning method excavated based on figure |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104102580B (en) |
Cited By (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104408584A (en) * | 2014-12-18 | 2015-03-11 | 中国农业银行股份有限公司 | Analysis method and system for transaction relevance |
CN104536882A (en) * | 2014-11-28 | 2015-04-22 | 南京大学 | Error locating method based on frequent sub-graph mining |
CN106339315A (en) * | 2016-08-19 | 2017-01-18 | 东软集团股份有限公司 | Defect positioning method and device |
CN107992426A (en) * | 2017-12-26 | 2018-05-04 | 河南工业大学 | A kind of software error localization method excavated based on Frequent tree mining and processing unit |
CN108762908A (en) * | 2018-05-31 | 2018-11-06 | 阿里巴巴集团控股有限公司 | System calls method for detecting abnormality and device |
CN110825550A (en) * | 2019-11-12 | 2020-02-21 | 北京计算机技术及应用研究所 | Web cloud application software fault positioning method based on graph mining |
CN110896361A (en) * | 2019-10-29 | 2020-03-20 | 北京航空航天大学 | Information physical system visualization and fault location method based on augmented reality |
CN111415168A (en) * | 2020-03-06 | 2020-07-14 | 中国建设银行股份有限公司 | Transaction warning method and device |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101739339A (en) * | 2009-12-29 | 2010-06-16 | 北京航空航天大学 | Program dynamic dependency relation-based software fault positioning method |
US20110029820A1 (en) * | 2009-07-31 | 2011-02-03 | Google Inc. | Native code module security for 64-bit instruction set architectures |
CN102708052A (en) * | 2012-04-27 | 2012-10-03 | 北京邮电大学 | Automatic positioning method of software failures in unit test |
-
2014
- 2014-07-10 CN CN201410328005.7A patent/CN104102580B/en active Active
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20110029820A1 (en) * | 2009-07-31 | 2011-02-03 | Google Inc. | Native code module security for 64-bit instruction set architectures |
CN101739339A (en) * | 2009-12-29 | 2010-06-16 | 北京航空航天大学 | Program dynamic dependency relation-based software fault positioning method |
CN102708052A (en) * | 2012-04-27 | 2012-10-03 | 北京邮电大学 | Automatic positioning method of software failures in unit test |
Cited By (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104536882A (en) * | 2014-11-28 | 2015-04-22 | 南京大学 | Error locating method based on frequent sub-graph mining |
CN104408584B (en) * | 2014-12-18 | 2017-11-03 | 中国农业银行股份有限公司 | The analysis method and system of a kind of transaction association |
CN104408584A (en) * | 2014-12-18 | 2015-03-11 | 中国农业银行股份有限公司 | Analysis method and system for transaction relevance |
CN106339315B (en) * | 2016-08-19 | 2019-03-22 | 东软集团股份有限公司 | Position the method and device of defect |
CN106339315A (en) * | 2016-08-19 | 2017-01-18 | 东软集团股份有限公司 | Defect positioning method and device |
CN107992426A (en) * | 2017-12-26 | 2018-05-04 | 河南工业大学 | A kind of software error localization method excavated based on Frequent tree mining and processing unit |
CN108762908A (en) * | 2018-05-31 | 2018-11-06 | 阿里巴巴集团控股有限公司 | System calls method for detecting abnormality and device |
CN108762908B (en) * | 2018-05-31 | 2021-12-07 | 创新先进技术有限公司 | System call abnormity detection method and device |
CN110896361A (en) * | 2019-10-29 | 2020-03-20 | 北京航空航天大学 | Information physical system visualization and fault location method based on augmented reality |
CN110896361B (en) * | 2019-10-29 | 2020-10-30 | 北京航空航天大学 | Information physical system visualization and fault location method based on augmented reality |
CN110825550A (en) * | 2019-11-12 | 2020-02-21 | 北京计算机技术及应用研究所 | Web cloud application software fault positioning method based on graph mining |
CN111415168A (en) * | 2020-03-06 | 2020-07-14 | 中国建设银行股份有限公司 | Transaction warning method and device |
CN111415168B (en) * | 2020-03-06 | 2023-08-22 | 中国建设银行股份有限公司 | Transaction alarm method and device |
Also Published As
Publication number | Publication date |
---|---|
CN104102580B (en) | 2015-08-26 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN104102580B (en) | A kind of E-Tax system software fault positioning method excavated based on figure | |
US10445734B2 (en) | Method and apparatus of identifying a transaction risk | |
AU2015201161A1 (en) | Event correlation | |
JP2017126283A (en) | Detection program, detection method and detection device | |
CN112380533B (en) | Method for checking security baseline of computer terminal | |
CN107528734A (en) | A kind of abnormal host group's detection method based on Dynamic Graph | |
CN104866764B (en) | A kind of Android phone malware detection method based on object reference figure | |
Li et al. | Theoretical basis for intrusion detection | |
CN103209173A (en) | Vulnerability mining method of network protocols | |
CN105740711A (en) | Malicious code detection method and system based on kernel object behavior body | |
CN105117430B (en) | A kind of iterative task process discovery method based on equivalence class | |
CN109743339B (en) | Network security monitoring method and device for power plant station and computer equipment | |
CN114357459A (en) | Information security detection method for block chain system | |
CN111191683B (en) | Network security situation assessment method based on random forest and Bayesian network | |
CN111680290B (en) | Code pile inserting frame system based on Ether house virtual machine | |
CN102982282B (en) | The detection system of bug and method | |
CN102681936A (en) | Verification method and device for test result of financial system | |
CN111988321A (en) | Alliance chain abnormity detection system based on machine learning and detection method thereof | |
CN112750038A (en) | Transaction risk determination method and device and server | |
CN104503829A (en) | Method for detecting and maintaining management process | |
US20220046039A1 (en) | Method, device, and computer program product for abnormality detection | |
CN205692170U (en) | A kind of battalion auxiliary tone data pretreatment | |
Das et al. | Prevention and detection of FDIA on power-network protection scheme using multiple support set | |
CN107247558A (en) | A kind of terminal control method, device, computer installation and readable storage medium storing program for executing | |
CN110633201B (en) | Integrated fuzzy test method and device for program |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant |