期刊文献+
任意字段
题名或关键词
题名
关键词
文摘
作者
第一作者
机构
刊名
分类号
参考文献
作者简介
基金资助
栏目信息

嵌入式单片机系统软件安全漏洞自动检测仿真 被引量:1

Automatic Detection and Simulation of Security Vulnerability in Embedded Microcontroller System Software
下载PDF
导出
摘要 嵌入式单片机系统软件安全漏洞检测效果的优劣不仅影响计算机的基本功能发挥,还会损害用户的切身利益。针对当前方法忽略了无关特征和冗余特征对嵌入式单片机系统软件安全漏洞检测的影响,导致检测结果不佳,提出一种基于朴素贝叶斯的软件安全漏洞自动检测方法,利用蚁群算法的搜索性能,将系统软件安全漏洞特征提取问题转化为路径寻优问题,计算蚂蚁的转移概率和适应度函数值,并对系统各个路径上的信息素浓度进行实时更新。采用额外附加激励的方式,强化蚂蚁对最优路径的选择影响。设置蚁群算法的终止条件,将搜索获得的软件安全漏洞特征输出。采用特征向量来描述输出的系统软件安全漏洞特征样本,根据嵌入式单片机系统软件安全漏洞特征的先验概率计算出其后验概率,能够使得后验概率获得最大值的类即为该安全漏洞特征对象所属的类。仿真测试结果表明,所提方法能够实现系统软件安全漏洞的分类检测,具有较高的检测率和较低的误报率,同时漏洞覆盖率评价指标最高可以达到97.7%,远远高于对比方法。 This paper presents a method to automatically detect software security vulnerability based on Naive Bayes. This method used search performance of ant colony algorithm to transform feature extraction of system software security vulnerability into the path optimization. Then, our method calculated the transition probability of ant and fit- ness function value and updated the pheromone concentration on each path of system in real time. Moreover, the method used additional excitation to strengthen the influence of ant on the selection of optimal path. In addition, our research outputted the software security vulnerability feature obtained by the search through the termination condition of ant colony algorithm. Finally, the research used the feature vector to describe the outputted sample of system soft- ware security vulnerability feature. According to the prior probability of security vulnerability feature of software in embedded single - chip microcomputer system, we calculated the posterior probability. Thus, posterior probability could obtain the class of the maximum values which the security vulnerability feature object belonged to. Simulation results show that the proposed method can realize the classified detection of system software security vulnerability, which has high detection rate and low false alarm rate. Meanwhile, the evaluation index of vulnerability coverage rate can reach 97.7% , which is higher than comparison method.
作者 袁钦 李利花 YUAN Qin;LI Li - hua(Gongqing College,Nanchang University,Gongqingcheng Jiangxi 332020,Chin)
机构地区 南昌大学共青学院
出处 《计算机仿真》 北大核心 2018年第8期405-409,共5页 Computer Simulation
关键词 嵌入式 单片机系统 软件 安全漏洞 自动检测 Embedded Single - chip microcomputer system Software Security vulnerability Automatic detection
分类号 TP393 [自动化与计算机技术—计算机应用技术]
  • 相关文献

参考文献10

二级参考文献53

  • 1国家信息安全漏洞共享平台.关于Open SSL存在高危漏洞可被利用发起大规模攻击的情况通报[EB/OL].[2014-04-09].http://www.cnvd.org.cn/webinfo/show/3399. 被引量:1
  • 2CVE.CVE-2014-0160[EB/OL].[2014-04-07].http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160. 被引量:1
  • 3Open SSL.Open SSL security advisory[EB/OL].[2014-04-07].http://www.openssl.org/news/secadv_20140407.txt. 被引量:1
  • 4乌云漏洞平台.关键字“Heart Bleed”漏洞搜索结果[EB/OL].[2014-04-02].http://www.wooyun.org/searchbug.php?q=Heartbleed&showall=1. 被引量:1
  • 5Shankland S.‘Heartbleed’bug undoes Web encryption,reveals Yahoo passwords[EB/OL].[2014-04-08].http://www.cnet.com/news/heartbleed-bug-undoes-web-encryption-revealsuser-passwords/. 被引量:1
  • 6Metasploit.Weekly metasploit update:heartbleed and firefox passwords[EB/OL].[2014-04-17].https://community.rapid7.com/community/metasploit/blog/2014/04/17/weekly-metasploitupdate. 被引量:1
  • 7Freier A,Karlton P,Kocher P.RFC 6101 The Secure Sockets Layer(SSL)protocol[S].Version 3.0,2011-08. 被引量:1
  • 8Santesson S.RFC 4680 TLS Handshake message for supplemental data[S].2006-09. 被引量:1
  • 9Seggelmann R,Tuexen M,Williams M.RFC 6520 Transport Layer Security(TLS)and Datagram Transport Layer Security(DTLS)heartbeat extension[S].2012-02. 被引量:1
  • 10Hoffman P.RFC 2487 SMTP service extension for secure SMTP over TLS[S].1999-01. 被引量:1

共引文献56

同被引文献8

引证文献1

计算机仿真
2018年 第8期

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部