Open source software security vulnerability detection based on dynamic behavior features.

• Main Authors: Yuancheng Li, Longqiang Ma, Liang Shen, Junfeng Lv, Pan Zhang
• Format: Article
• Language: English
• Published: Public Library of Science (PLoS) 2019-01-01
• Series: PLoS ONE
• Online Access: https://doi.org/10.1371/journal.pone.0221530

Open source software has been widely used in various industries due to its openness and flexibility, but it also brings potential security problems. Therefore, security analysis is required before using open source software. The current mainstream open source software vulnerability analysis technology is based on source code, and there are problems such as false positives, false negatives and restatements. In order to solve the problems, based on the further study of behavior feature extraction and vulnerability detection technology, a method of using dynamic behavior features to detect open source software vulnerabilities is proposed. Firstly, the relationship between open source software vulnerability and API call sequence is studied. Then, the behavioral risk vulnerability database of open source software is proposed as a support for vulnerability detection. In addition, the CNN-IndRNN classification model is constructed by improving the Independently Recurrent Neural Net-work (IndRNN) algorithm and applies to open source software security vulnerability detection. The experimental results verify the effectiveness of the proposed open source software security vulnerability detection method based on dynamic behavior features.