• 中国精品科技期刊
  • CCF推荐A类中文期刊
  • 计算领域高质量科技期刊T1类
Advanced Search
Zhou Peng, Wu Yanjun, Zhao Chen. Identify Linux Security Vulnerability Fix Patches Automatically[J]. Journal of Computer Research and Development, 2022, 59(1): 197-208. DOI: 10.7544/issn1000-1239.20200492
Citation: Zhou Peng, Wu Yanjun, Zhao Chen. Identify Linux Security Vulnerability Fix Patches Automatically[J]. Journal of Computer Research and Development, 2022, 59(1): 197-208. DOI: 10.7544/issn1000-1239.20200492
shu

Identify Linux Security Vulnerability Fix Patches Automatically

  • 1(Institute of Software, Chinese Academy of Sciences, Beijing 100190)

  • 2(University of Chinese Academy of Sciences, Beijing 100049)

  • 3(State Key Laboratory of Computer Science (Institute of Software, Chinese Academy of Sciences), Beijing 100190)

Funds: This work was supported by the National Key Research and Development Program of China (2018YFB0803600), the Strategic Priority Research Program of Chinese Academy of Sciences (Y8XD373105), and the Key Research Program of Frontier Sciences, CAS (ZDBS-LY-JSC038).
More Information
  • Published Date: December 31, 2021
    Graphical Abstract
    • Abstract
  • It is critical to catch and apply the vulnerability fix patches in time to ensure the security of information system. However, it is found that open source software maintainers often silently fix security vulnerabilities. For example, 88% of maintainers delay informing users to fix vulnerabilities in the release notes of new software version, and only 9% of the bug fixes clearly give the corresponding CVE ID, and only 3% of the fixes will actively notify the security service provider in time. In many cases, security engineers can’t directly distinguish vulnerability fixes, bug fixes, and feature patches from the code and log message of patches. As a result, vulnerability fixes can’t be identified and applied by users timely. At the same time, it is costly for users to identify vulnerability fixes from a large number of patch submissions. Taking Linux as an example, this paper presents a method of identifying vulnerability patches automatically. This method defines features for the code and log message from patches, builds machine learning model, and trains to learn classifiers that can distinguish vulnerability patches. Experiments indicate that our approach is effective, which can get 91.3% precision, 92% accuracy, 87.53% recall rate, and reduce the false positive rate to 5.2%.
    • FullText(HTML)
    • References (0)
    • Related Articles

  • Related Articles

    [1]Wang Haitao, Li Zhanhuai, Zhang Xiao, Bu Hailong, Kong Lanxin, Zhao Xiaonan. Virtual Machine Resources Allocation Methods Based on History Data[J]. Journal of Computer Research and Development, 2019, 56(4): 779-789. DOI: 10.7544/issn1000-1239.2019.20170831
    [2]Liu Weijie, Wang Lina, Tan Cheng, Xu Lai. A Virtual Machine Introspection Triggering Mechanism Based on VMFUNC[J]. Journal of Computer Research and Development, 2017, 54(10): 2310-2320. DOI: 10.7544/issn1000-1239.2017.20170452
    [3]Shi Yuan, Zhang Huanguo, Wu Fusheng. A Method of Constructing the Model of Trusted Virtual Machine Migration[J]. Journal of Computer Research and Development, 2017, 54(10): 2284-2295. DOI: 10.7544/issn1000-1239.2017.20170465
    [4]Luo Yang, Xia Chunhe, Li Yazhuo, Wei Zhao, Liang Xiaoyan. A Polymorphic Shellcode Detection Method Based on Dual-Mode Virtual Machine[J]. Journal of Computer Research and Development, 2014, 51(8): 1704-1714. DOI: 10.7544/issn1000-1239.2014.20121149
    [5]Cai Wanwei, Tai Yunfang, Liu Qi, Zhang Ge. Memory Virtulization on MIPS Architecture[J]. Journal of Computer Research and Development, 2013, 50(10): 2247-2252.
    [6]Zhang Xiang, Huo Zhigang, Ma Jie, Meng Dan. Fast and Live Whole-System Migration of Virtual Machines[J]. Journal of Computer Research and Development, 2012, 49(3): 661-668.
    [7]Wang Kai, Hou Zifeng. A Relaxed Co-Scheduling Method of Virtual CPUs on Xen Virtual Machines[J]. Journal of Computer Research and Development, 2012, 49(1): 118-127.
    [8]Wang Kai, Hou Zifeng. An Adaptive Scheduling Method of Weight Parameter Adjustment on Virtual Machines[J]. Journal of Computer Research and Development, 2011, 48(11): 2094-2102.
    [9]Jin Hai, Zhong Alin, Wu Song, and Shi Xuanhua. Virtual Machine VCPU Scheduling in the Multi-core Environment:Issues and Challenges[J]. Journal of Computer Research and Development, 2011, 48(7): 1216-1224.
    [10]Chen Hui, Chen Yiyun, Wu Ping, and Xiang Sen. A Typed Low-Level Language Used in Java Virtual Machine[J]. Journal of Computer Research and Development, 2006, 43(1): 15-22.

  • Cited by

    Periodical cited type(2)

    1. 刘海峰,徐丽丽,武堂颖. 无线传感器网络恶意信标干扰信号协同过滤方法. 传感技术学报. 2024(11): 1971-1975 .
    2. 崔莉,周钧锴,王念,肖京,季宇宣,姜美驰. 便携式非特异性腰痛测量系统研制. 中国医疗器械杂志. 2021(05): 473-478 .

    Other cited types(2)

Catalog

    Get Citation
    PDF
    XML
    Article views (724) PDF downloads (264) Cited by(4)
    Turn off MathJax
    Article Contents
    Abstract
    Related Articles
    Email Alert RSS
    微信订阅号<br/>(实时资讯)

    微信订阅号
    (实时资讯)

    微信服务号<br/>(同步网站)

    微信服务号
    (同步网站)

    微信视频号<br/>(视频分享)

    微信视频号
    (视频分享)

    CCF<br/>(扫码入会)

    CCF
    (扫码入会)

    Copyright © Editorial Department of Computer Research and Development

    Supported by: Beijing Renhe Information Technology Co., Ltd. Baidu Analytics

    /

    DownLoad:  Full-Size Img  PowerPoint
    Return
    Return