基于漏洞运行时特征的漏洞自动分类技术

In recent years, with the rapid development of the Internet and computers, the number of software vulnerabilities has also exploded. In order to efficiently manage multiple types of software vulnerabilities, vulnerability classification technology came into being. The existing vulnerability classification technologies are mainly divided into two types: one is to extract the vulnerability features from thedescription information in the data files such as CVE or NVD, and classify vulnerabilities according to the text semantics; the other is to statically analyze the vulnerability source code or binary codeto implement vulnerability classification. This paper uses the runtime information as the core feature of software vulnerabilities.First, monitor running states of vulnerable program at the instruction flow level through dynamic instrumentation techology, extract registers and instruction sequences at runtime as vulnerability features. Then, utilize a filter feature selection which combines a variety of correlation meatures to select core vulnerability features. Finally, through the machine learning technology, the single feature model of each vulnerability feature is selected, which is merged to construct the final vulnerability prediction classification model.