摘要
针对静态软件安全漏洞路径数量多,识别效果差的问题,提出了基于多核集成学习的静态软件安全漏洞识别方法。采用boosting初始化静态软件训练集,使用boosting的串行集成与加权训练获取数据权重。经过boosting集成处理后,结合多核集成学习分类器获取漏洞数据分类结果。计算静态软件安全漏洞数据密度,构建漏洞数据识别模型,实现静态软件的安全漏洞识别。实验结果表明,该方法的最大识别时间为4 ms,捕获危险执行路径数未超过理想值,漏洞识别效果较好。
Aiming at the problem that the number of static software security vulnerability paths is large and the identification effect is poor,a static software security vulnerability identification method based on multi-core integrated learning is proposed.The static software training set is initialized by boosting,and the data weight is obtained by boosting’s serial integration and weighted training.After boosting integration processing,combined with multi-core ensemble learning classifier to obtain vulnerability data classification results.Calculate the data density of static software security vulnerabilities,build a vulnerability data identification model,and realize the identification of static software security vulnerabilities.The experimental results show that the maximum identification time of this method is 4 ms,the number of execution paths to capture danger does not exceed the ideal value,and the vulnerability identification effect is good.
作者
顾风军
GU Fengjun(Information Room,Fourth Medical Center of the Chinese PLA General Hospital,Beijing 100089,China)
出处
《电子设计工程》
2023年第19期73-76,81,共5页
Electronic Design Engineering
关键词
多核集成学习
静态软件
安全漏洞
识别
multi-core ensemble learning
static software
security vulnerability
identify
