Identify Linux Security Vulnerability Fix Patches Automatically

Zhou Peng; Wu Yanjun; Zhao Chen

doi:10.7544/issn1000-1239.20200492

Journal of Computer Research and Development > 2022 > 59(1): 197-208. > DOI: 10.7544/issn1000-1239.20200492 CSTR: 32373.14.issn1000-1239.20200492

Zhou Peng, Wu Yanjun, Zhao Chen. Identify Linux Security Vulnerability Fix Patches Automatically[J]. Journal of Computer Research and Development, 2022, 59(1): 197-208. DOI: 10.7544/issn1000-1239.20200492

Citation:

PDF (917 KB)

Identify Linux Security Vulnerability Fix Patches Automatically

Zhou Peng^1,2,
Wu Yanjun^1,3,
Zhao Chen^1,3

¹(Institute of Software, Chinese Academy of Sciences, Beijing 100190)
²(University of Chinese Academy of Sciences, Beijing 100049)
³(State Key Laboratory of Computer Science (Institute of Software, Chinese Academy of Sciences), Beijing 100190)

Funds: This work was supported by the National Key Research and Development Program of China (2018YFB0803600), the Strategic Priority Research Program of Chinese Academy of Sciences (Y8XD373105), and the Key Research Program of Frontier Sciences, CAS (ZDBS-LY-JSC038).

More Information

Published Date: December 31, 2021

Graphical Abstract

Abstract

Abstract

It is critical to catch and apply the vulnerability fix patches in time to ensure the security of information system. However, it is found that open source software maintainers often silently fix security vulnerabilities. For example, 88% of maintainers delay informing users to fix vulnerabilities in the release notes of new software version, and only 9% of the bug fixes clearly give the corresponding CVE ID, and only 3% of the fixes will actively notify the security service provider in time. In many cases, security engineers can’t directly distinguish vulnerability fixes, bug fixes, and feature patches from the code and log message of patches. As a result, vulnerability fixes can’t be identified and applied by users timely. At the same time, it is costly for users to identify vulnerability fixes from a large number of patch submissions. Taking Linux as an example, this paper presents a method of identifying vulnerability patches automatically. This method defines features for the code and log message from patches, builds machine learning model, and trains to learn classifiers that can distinguish vulnerability patches. Experiments indicate that our approach is effective, which can get 91.3% precision, 92% accuracy, 87.53% recall rate, and reduce the false positive rate to 5.2%.

FullText(HTML)

References (0)

[1]	Guo Husheng, Zhang Yutong, Wang Wenjian. Elastic Gradient Ensemble for Concept Drift Adaptation[J]. Journal of Computer Research and Development, 2025, 62(5): 1235-1247. DOI: 10.7544/issn1000-1239.202440407
[2]	Guo Husheng, Zhang Yang, Wang Wenjian. Two-Stage Adaptive Ensemble Learning Method for Different Types of Concept Drift[J]. Journal of Computer Research and Development, 2024, 61(7): 1799-1811. DOI: 10.7544/issn1000-1239.202330452
[3]	Guo Husheng, Liu Yanjie, Wang Wenjian. Concept Drift Processing Method of Streaming Data Based on Mixed Feature Extraction[J]. Journal of Computer Research and Development, 2024, 61(6): 1497-1510. DOI: 10.7544/issn1000-1239.202330184
[4]	Guo Husheng, Sun Ni, Wang Jiahao, Wang Wenjian. Concept Drift Convergence Method Based on Adaptive Deep Ensemble Networks[J]. Journal of Computer Research and Development, 2024, 61(1): 172-183. DOI: 10.7544/issn1000-1239.202220835
[5]	Guo Husheng, Cong Lu, Gao Shuhua, Wang Wenjian. Adaptive Classification Method for Concept Drift Based on Online Ensemble[J]. Journal of Computer Research and Development, 2023, 60(7): 1592-1602. DOI: 10.7544/issn1000-1239.202220245
[6]	Cai Huan, Lu Kezhong, Wu Qirong, Wu Dingming. Adaptive Classification Algorithm for Concept Drift Data Stream[J]. Journal of Computer Research and Development, 2022, 59(3): 633-646. DOI: 10.7544/issn1000-1239.20201017
[7]	Cheng Guang, Qian Dexin, Guo Jianwei, Shi Haibin, Hua, Zhao Yuyu. A Classification Approach Based on Divergence for Network Traffic in Presence of Concept Drift[J]. Journal of Computer Research and Development, 2020, 57(12): 2673-2682. DOI: 10.7544/issn1000-1239.2020.20190691
[8]	Deng Dayong, Xu Xiaoyu, Huang Houkuan. Concept Drifting Detection for Categorical Evolving Data Based on Parallel Reducts[J]. Journal of Computer Research and Development, 2015, 52(5): 1071-1079. DOI: 10.7544/issn1000-1239.2015.20140275
[9]	Guo Gongde, Li Nan, and Chen Lifei. Concept Drift Detection for Data Streams Based on Mixture Model[J]. Journal of Computer Research and Development, 2014, 51(4): 731-742.
[10]	Xin Yi, Guo Gongde, Chen Lifei, Bi Yaxin. IKnnM-DHecoc: A Method for Handling the Problem of Concept Drift[J]. Journal of Computer Research and Development, 2011, 48(4): 592-601.

Cited By

Cited by

Periodical cited type(7)

1.	朱思峰，王钰，陈昊，朱海，柴争义，杨诚瑞. 车联网边缘计算场景下基于改进型NSGA-Ⅱ算法的边缘服务器部署决策. 物联网学报. 2024(01): 84-97 .
2.	门红蕾，曹利，郑国莉，李原帅，马海英. 车联网基于稀疏用户环境的LBS隐私保护方案. 计算机应用研究. 2024(09): 2831-2838 .
3.	汪洋，叶挺，李廷文，吴兵. 自主船舶航行系统信息空间安全：挑战与探索. 华中科技大学学报(自然科学版). 2023(02): 64-76 .
4.	郑莹莹，周俊龙，申钰凡，丛佩金，吴泽彬. 时间和能量敏感的端——边—云车路协同系统资源调度优化方法. 计算机研究与发展. 2023(05): 1037-1052 . 本站查看
5.	况博裕，李雨泽，顾芳铭，苏铓，付安民. 车联网安全研究综述：威胁、对策与未来展望. 计算机研究与发展. 2023(10): 2304-2321 . 本站查看
6.	王晨，郑文英，王惟正，谭皓文. 边缘计算数据安全保护研究综述. 网络空间安全科学学报. 2023(02): 35-45 .
7.	邓雨康，张磊，李晶. 车联网隐私保护研究综述. 计算机应用研究. 2022(10): 2891-2906 .