Zhou Peng, Wu Yanjun, Zhao Chen. Identify Linux Security Vulnerability Fix Patches Automatically[J]. Journal of Computer Research and Development, 2022, 59(1): 197-208. DOI: 10.7544/issn1000-1239.20200492

Identify Linux Security Vulnerability Fix Patches Automatically

Funds: This work was supported by the National Key Research and Development Program of China (2018YFB0803600), the Strategic Priority Research Program of Chinese Academy of Sciences (Y8XD373105), and the Key Research Program of Frontier Sciences, CAS (ZDBS-LY-JSC038).
Published Date: December 31, 2021

Promptly identifying and applying vulnerability fix patches is critical to the security of information systems. However, open source software maintainers often fix security vulnerabilities silently. For example, 88% of maintainers delay informing users about vulnerability fixes in the release notes of new software versions, only 9% of the bug fixes clearly give the corresponding CVE ID, and only 3% of the fixes actively notify security service providers in time. In many cases, security engineers cannot directly distinguish vulnerability fixes, bug fixes, and feature patches from a patch's code and log message. As a result, users cannot identify and apply vulnerability fixes in a timely manner, and it is costly for them to pick vulnerability fixes out of a large number of patch submissions. Taking Linux as an example, this paper presents a method for identifying vulnerability patches automatically. The method defines features for the code and log message of patches, builds a machine learning model, and trains classifiers that can distinguish vulnerability patches. Experiments indicate that the approach is effective: it achieves 91.3% precision, 92% accuracy, and an 87.53% recall rate, and reduces the false positive rate to 5.2%.
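To make "features for the code and log message" concrete, here is an added example that is not from the paper: the feature names, keyword lists and sample patch are constructed assumptions, since the paper's actual feature set is not given on this page. It assumes `git format-patch` layout (log message, a `---` line, then the diff).

```python
import re

# Assumed signals (hypothetical, not the paper's feature set).
LOG_WORDS = re.compile(r"\b(?:overflow|use[- ]after[- ]free|out[- ]of[- ]bounds|"
                       r"bounds check|leak|race|null pointer|CVE-\d{4}-\d+)\b", re.I)
MEM_CALLS = re.compile(r"\b(?:kfree|kmalloc|memcpy|strcpy|copy_(?:from|to)_user)\s*\(")
COND = re.compile(r"^\s*(?:\}\s*else\s+)?if\s*\(")
BOUND = re.compile(r"(?<![-<>])[<>]=?(?![<>])|\bsizeof\b")  # skips '->' and shifts

def extract_features(patch: str) -> dict:
    """Split a patch into log message and diff, then count simple signals."""
    log, _, diff = patch.partition("\n---\n")
    body, in_hunk = [], False
    for line in diff.splitlines():
        if line.startswith(("diff --git", "@@")):
            in_hunk = line.startswith("@@")  # file headers are not hunk content
        elif in_hunk:
            body.append(line)
    added = [l[1:] for l in body if l.startswith("+")]
    removed = [l[1:] for l in body if l.startswith("-")]
    return {
        "log_security_words": len(LOG_WORDS.findall(log)),
        "log_has_fixes_tag": bool(re.search(r"^Fixes: [0-9a-f]{8,}", log, re.M)),
        "log_cc_stable": "stable@vger.kernel.org" in log,
        "lines_added": len(added),
        "lines_removed": len(removed),
        "added_bounds_checks": sum(1 for l in added if COND.search(l) and BOUND.search(l)),
        "mem_calls_in_hunks": sum(len(MEM_CALLS.findall(l)) for l in body),
    }

# Constructed sample patch (not a real kernel commit; the Fixes hash is a placeholder).
SAMPLE = """\
Subject: [PATCH] foo: validate length before copying user buffer

A missing bounds check lets a large len overflow the stack buffer.

Fixes: 0123456789ab ("foo: add ioctl")
Cc: stable@vger.kernel.org
---
diff --git a/drivers/foo/foo.c b/drivers/foo/foo.c
--- a/drivers/foo/foo.c
+++ b/drivers/foo/foo.c
@@ -10,3 +10,5 @@ static long foo_ioctl(struct file *f, unsigned int cmd, unsigned long arg)
     char buf[64];
+    if (len > sizeof(buf))
+        return -EINVAL;
     if (copy_from_user(buf, uarg, len))
         return -EFAULT;
"""
```

Calling `extract_features(SAMPLE)` yields one dictionary per patch; a labelled set of such dictionaries is the kind of input a classifier would be trained on.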