An integration testing framework and evaluation metric for vulnerability mining methods

Abstract

Software vulnerability mining is an important way to detect whether there are some loopholes existing in the software, and also is an important way to ensure the security of information systems. With the rapid development of information technology and software industry, most of the software has not been rigorously tested before being put in use, so that the hidden vulnerabilities in software will be exploited by the attackers. Therefore, it is of great significance for us to actively detect the software vulnerabilities in the security maintenance of information systems. In this paper, we firstly studied some of the commonly used vulnerability detection methods and detection tools, and analyzed the advantages and disadvantages of each method in different scenarios. Secondly, we designed a set of evaluation criteria for different mining methods in the loopholes evaluation. Thirdly, we also proposed and designed an integration testing framework, on which we can test the typical static analysis methods and dynamic mining methods as well as make the comparison, so that we can obtain an intuitive comparative analysis for the experimental results. Finally, we reported the experimental analysis to verify the feasibility and effectiveness of the proposed evaluation method and the testing framework, with the results showing that the final test results will serve as a form of guidance to aid the selection of the most appropriate and effective method or tools in vulnerability detection activity.