
Computer Engineering ›› 2008, Vol. 34 ›› Issue (20): 66-68. doi: 10.3969/j.issn.1000-3428.2008.20.024

• Software Technology and Database •

Source Code Static Analysis Based on Data Fusion

CHEN Chao, LI Jun, KONG De-guang

  1. (Department of Automation, University of Science & Technology of China, Hefei 230027)
  • Received: 1900-01-01 Revised: 1900-01-01 Online: 2008-10-20 Published: 2008-10-20

Abstract: This paper applies data fusion to the static analysis of source code and implements an extensible prototype system. The system parses the results of existing static analysis tools, fuses them, and estimates the corresponding parameters. To make the output easy to read and analyze, results are emitted in XML format. Tests on commonly used network software show that, compared with a single source code analysis tool, this technique effectively reduces both the false positive rate and the false negative rate.

Key words: vulnerability detection, static analysis, data fusion, false positive rate, false negative rate

CLC Number: