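• Journal of the China Computer Federation
  • Chinese Science and Technology Core Journal
  • Chinese Core Journal

Computer Engineering & Science

• Software Engineering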

Survey on software vulnerability analysis based on machine learning

KUANG Xiaohui(1), LIU Qiang(1,2), LI Xiang(1), NIE Yuanping(1)

  1. National Key Laboratory of Science and Technology on Information System Security,
     Institute of System and Engineering, Academy of Military Science, Beijing 100101;
  2. Department of Computer Science and Technology, Tsinghua University, Beijing 100084, China
  • Received: 2018-03-12 Revised: 2018-06-07 Online: 2018-11-25 Published: 2018-11-25

Abstract:

With the growing number of disclosed vulnerable code samples and the wide application of machine learning methods, software vulnerability analysis based on machine learning has become a hot research direction in information security. First, through an analysis of existing research work, we propose a machine-learning-based software vulnerability mining framework. We then classify and review existing work from the perspective of program analysis. Finally, we conduct a comparative analysis of the research results, analyze the challenges that current machine-learning-based vulnerability analysis methods face, and discuss future research directions.

Key words: software vulnerability analysis, machine learning, survey