摘要
针对现有脆弱类挖掘方法缺乏对类间依赖关系的考虑,导致软件维护难的问题,运用软件中类间依赖关系与频次,构建有向加权类依赖软件网络。通过定义类依赖加权熵,结合节点出度、节点介数与类节点脆弱性的关系,设计类节点脆弱性度量。针对类节点脆弱性度量值高的类节点采取蓄意攻击,提出基于模块度的有向加权类依赖软件网络社团划分算法,分析类依赖软件网络社团划分过程中社团数和模块度变化机理,挖掘类依赖软件网络中的脆弱类,对脆弱性节点加以保护,提高软件质量。设计脆弱类挖掘实验,与随机攻击15个类节点相比,对本方法得到的脆弱性度量值前15的类节点开展蓄意攻击,发现类依赖软件网络的平均模块度提高12.7%,平均社团数提高60.12%,验证了类依赖软件网络脆弱类挖掘算法的有效性。
The structure of software systems is becoming more complex,and the possibility of software failure increases,which makes the cost of software understanding and maintenance for developers higher.Due to a lack of consideration of dependencies between classes in the existing vulnerability class mining methods,software maintenance is difficult to realize.In order to mine the vulnerable classes in the software and reduce the maintenance cost of the software,this paper designs a class dependency software network vulnerable class node mining algorithm based on community partitioning for the directed weighted class dependency network.Firstly,considering the dependencies and frequency between classes in the software,a directed weighted class dependency software network is constructed.The dependency frequency is used as the weight of the directed edge of the software network,and the weighted entropy of class dependence is defined.With the weighted entropy and node betweenness,class node vulnerability measurement is designed.Aiming at the deliberate attack of class nodes with high vulnerability,with the idea of BGLL algorithm,a directed weighted class dependency software network community partitioning algorithm based on modularity is proposed to divide the community of the class dependency software network.To test the performance of the community partitioning algorithm,the number of communities and weighted modularity are obtained and analyzed.The class nodes are used in the deliberate attack strategy,and,based on the analysis of community number and modularity change,the vulnerable classes in the class dependency software network are mined.To mine software network vulnerability classes based on the result of the community partitioning,an open source software system Jmeter3.0 is used as the standard experimental data for feasibility testing.As a Java based stress testing tool,Jmeter 3.0 includes 256 classes to support software execution.Using the software network analysis platform SNAP to parse the software source code of J
作者
姜万昌
代宁
张晓茜
JIANG Wanchang;DAI Ning;ZHANG Xiaoxi(School of Computer Science,Northeast Electric Power University,Jilin 132012,China;Jilin Engineering Laboratory for Smart Grid Information Technology,Northeast Electric Power University,Jilin 132012,China)
出处
《重庆理工大学学报(自然科学)》
北大核心
2023年第7期235-244,共10页
Journal of Chongqing University of Technology:Natural Science
基金
吉林省教育厅科学技术项目(JJKH20220111KJ)。
关键词
软件网络
脆弱类
社团划分
加权熵
software network
vulnerable class
community partitioning
weighted entropy
