摘要
现有嵌入式软件漏洞检测方法难以实现全覆盖,导致漏洞检测存在较为严重的漏检问题。基于此,本文提出基于网格扫描的嵌入式软件漏洞检测方法。将嵌入式软件的源代码划分为多个逻辑上相互独立但又相互关联的“网格”后,从静态和动态两个维度分析漏洞特征,并通过模拟攻击的动态测试方式进行验证识别。以全覆盖为目标对网格阵列进行调整,实现嵌入式软件漏洞检测。测试结果证明,该方法对不同类型漏洞的有效检出率均在99.0%以上,整体均值达到99.25%,嵌入式软件漏洞检测效果较好。
The existing embedded software vulnerability detection methods are difficult to achieve full coverage,resulting in serious missed detection problems in vulnerability detection.Based on this,this article proposes an embedded software vulnerability detection method based on grid scanning.After dividing the source code of embedded software into multiple logically independent but interrelated"grids",vulnerability characteristics are analyzed from both static and dynamic dimensions,and verified and identified through dynamic testing of simulated attacks.Adjust the grid array with the goal of full coverage to achieve embedded software vulnerability detection.The test results prove that the effective detection rate of the proposed method for different types of vulnerabilities is above 99.0%,the overall average reached 99.25%,the vulnerability detection effect of embedded software is good.
作者
蒋瑶
JIANG Yao(Yunnan Economics Trade and Foreign Affairs College,Kunming Yunnan 651700)
出处
《软件》
2024年第11期151-153,共3页
Software
关键词
网格扫描
嵌入式软件
漏洞检测
模拟攻击
网格阵列调整
grid scanning
embedded software
vulnerability detection
simulated attack
grid array adjustment
