Survey on static software vulnerability detection for source code
Static software vulnerability detection is mainly divided into two types according to different analysis objects: vulnerability detection for binary code and vulnerability detection for source code. Because the source code contains more semantic information, it is more favored by code auditors. The...
Main Authors: | LI Zhen, WANG Zeli, JIN Hai, ZOU Deqing |
---|---|
Format: | Article |
Language: | English |
Published: | POSTS&TELECOM PRESS Co., LTD, 2019-02-01 |
Series: | 网络与信息安全学报 |
Subjects: | |
Online Access: | http://www.infocomm-journal.com/cjnis/CN/10.11959/j.issn.2096-109x.2019001 |
_version_ | 1819045910106079232 |
---|---|
author | LI Zhen, WANG Zeli, JIN Hai, ZOU Deqing |
author_facet | LI Zhen, WANG Zeli, JIN Hai, ZOU Deqing |
author_sort | LI Zhen, WANG Zeli, JIN Hai |
collection | DOAJ |
description | Static software vulnerability detection is mainly divided into two types according to different analysis objects: vulnerability detection for binary code and vulnerability detection for source code. Because the source code contains more semantic information, it is more favored by code auditors. The existing vulnerability detection research works for source code are summarized from four aspects: code similarity-based vulnerability detection, symbolic execution-based vulnerability detection, rule-based vulnerability detection, and machine learning-based vulnerability detection. The vulnerability detection system based on source code similarity and the intelligent software vulnerability detection system for source code are taken as two examples to introduce the process of vulnerability detection in detail. |
first_indexed | 2024-12-21T10:36:04Z |
format | Article |
id | doaj.art-5c811208f34f4a09bf7b4811b8e3aca4 |
institution | Directory Open Access Journal |
issn | 2096-109X |
language | English |
last_indexed | 2024-12-21T10:36:04Z |
publishDate | 2019-02-01 |
publisher | POSTS&TELECOM PRESS Co., LTD |
record_format | Article |
series | 网络与信息安全学报 |
spelling | doaj.art-5c811208f34f4a09bf7b4811b8e3aca4; 2022-12-21T19:07:04Z; eng; POSTS&TELECOM PRESS Co., LTD; 网络与信息安全学报; 2096-109X; 2019-02-01; 51114; 10.11959/j.issn.2096-109x.2019001; Survey on static software vulnerability detection for source code; LI Zhen, WANG Zeli, JIN Hai [0]; ZOU Deqing [1]; [0] School of Computer Science and Technology, Huazhong University of Science and Technology, Wuhan 430074, China; Services Computing Technology and System Lab, Huazhong University of Science and Technology, Wuhan 430074, China; Clusters and Grid Computing Lab, Huazhong University of Science and Technology, Wuhan 430074, China; Big Data Security Engineering Research Center, Huazhong University of Science and Technology, Wuhan 430074, China; [1] School of Computer Science and Technology, Huazhong University of Science and Technology, Wuhan 430074, China; Services Computing Technology and System Lab, Huazhong University of Science and Technology, Wuhan 430074, China; Clusters and Grid Computing Lab, Huazhong University of Science and Technology, Wuhan 430074, China; Big Data Security Engineering Research Center, Huazhong University of Science and Technology, Wuhan 430074, China; Shenzhen Huazhong University of Science and Technology Research Institute, Shenzhen 518057, China; Static software vulnerability detection is mainly divided into two types according to different analysis objects: vulnerability detection for binary code and vulnerability detection for source code. Because the source code contains more semantic information, it is more favored by code auditors. The existing vulnerability detection research works for source code are summarized from four aspects: code similarity-based vulnerability detection, symbolic execution-based vulnerability detection, rule-based vulnerability detection, and machine learning-based vulnerability detection. The vulnerability detection system based on source code similarity and the intelligent software vulnerability detection system for source code are taken as two examples to introduce the process of vulnerability detection in detail.; http://www.infocomm-journal.com/cjnis/CN/10.11959/j.issn.2096-109x.2019001; software vulnerability; vulnerability detection for source code; code similarity; deep learning |
spellingShingle | LI Zhen, WANG Zeli, JIN Hai; ZOU Deqing; Survey on static software vulnerability detection for source code; 网络与信息安全学报; software vulnerability; vulnerability detection for source code; code similarity; deep learning |
title | Survey on static software vulnerability detection for source code |
title_sort | survey on static software vulnerability detection for source code |
topic | software vulnerability; vulnerability detection for source code; code similarity; deep learning |
url | http://www.infocomm-journal.com/cjnis/CN/10.11959/j.issn.2096-109x.2019001 |