Abstract

Open source software is widely used across industries because of its openness and flexibility, but it also brings potential security problems, so security analysis is required before it is adopted. Current mainstream vulnerability analysis techniques for open source software work on source code and suffer from false positives, false negatives and restatements. To address these problems, and building on further study of behavior feature extraction and vulnerability detection technology, a method that uses dynamic behavior features to detect open source software vulnerabilities is proposed. First, the relationship between open source software vulnerabilities and API call sequences is studied. Then, a behavioral risk vulnerability database for open source software is proposed to support vulnerability detection. In addition, a CNN-IndRNN classification model is constructed by improving the Independently Recurrent Neural Network (IndRNN) algorithm and is applied to open source software security vulnerability detection. The experimental results verify the effectiveness of the proposed detection method based on dynamic behavior features.

Highlights

  • In recent years, with the development of computer technology, especially the rise of Internet technology and related companies, open source software has greatly improved in terms of its performance, compatibility and user-friendliness

  • The experimental data in this paper is from the official website of the National Institute of Standards and Technology (NIST) [25] and contains examples of vulnerabilities in various CWE standard libraries

  • 200 samples were used as training data (110 positive samples, 90 negative samples), and the remaining 100 samples (50 positive samples, 50 negative samples) were used to verify the vulnerability detection effect of the Convolutional Neural Network (CNN)-Independently Recurrent Neural Network (IndRNN) model

Summary

Introduction

With the development of computer technology, especially the rise of Internet technology and related companies, open source software has greatly improved in terms of its performance, compatibility and user-friendliness. Open source software has brought amazing changes to the software industry with its openness and flexibility. As open source software has developed rapidly, however, it has also brought huge security problems [1,2,3,4]. From the beginning of 2015 to the beginning of 2017, the 360 security team selected 2228 open source projects from GitHub, SourceForge and other open source communities for testing. In total, 257,835,574 lines of code were scanned. They found 2,626,352 source code defects and the overall average
