代码审计系统的误报率成因和优化

doi:10.11959/j.issn.1000-0801.2020324

Abstract

Abstract:

Code review technology has become a pivotal part in the construction of network security.Analysis of the test reports obtained by the current code auditing system shows that there are many false positives in the report.The shortcomings in the development of the code audit system were summarized,the principles of different detection algorithms were briefly described,the causes of false alarm rates were analyzed,corresponding optimization ideas were proposed,the technical principles of optimization were explained,and the application scenarios of optimization schemes were described.

Key words: code review, static analysis technology, network security

CLC Number:

TN915.9

Yuanying XIAO,Yaodong YOU,Lixi XIANG. Causes and optimization of the false alarm rate of code review system[J]. Telecommunications Science, 2020, 36(12): 155-162.

Figures/Tables 4

References 10

[1]	罗琴灵 . 基于静态检测的代码审计技术研究[D]. 贵阳:贵州大学, 2015.
	LUO Q L . Research on code audit technology based on static detection[D]. Guizhou:Guizhou University, 2015.
[2]	王优楠 . 一种 XSS 漏洞灰盒检测方案的设计与实现[D]. 成都:电子科技大学, 2017.
	WANG Y N . Design and implementation of a XSS vulnerability grey box detection scheme[D]. Chengdu:University of Electronic Science and Technology of China, 2017.
[3]	何斌颖, 杨林海 . Web 代码安全人工审计内容的研究[J]. 江西科学, 2014,32(4): 536-537.
	HE B Y , YANG L H . A study of Web artificial code security audit[J]. Jiangxi Science, 2014,32(4): 536-537.
[4]	梁业裕, 徐坦, 宁建创 ,等. 代码审计工作在整个安全保障体系中的重要价值[J]. 计算机安全, 2012(12): 32-34.
	LIANG Y Y , XU T , NING J C ,et al. The important value of code audit work in the whole security system[J]. Network and Computer Security, 2012(12): 32-34.
[5]	柳毅, 洪俊斌 . 基于网络爬虫与页面代码行为的XSS漏洞动态检测方法[J]. 电信科学, 2016,32(3): 87-91.
	LIU Y , HONG J B . A dynamic detection method based on Web crawler and page code behavior for XSS vulnerability[J]. Telecommunications Science, 2016,32(3): 87-91.
[6]	乔涛 . 跨站脚本漏洞检测与防御技术研究[D]. 扬州:扬州大学, 2017.
	QIAO T . Research on cross-site scripting vulnerability detection and defense technology[D]. Yangzhou:Yangzhou University, 2017.
[7]	许波 . 代码安全审计工作之我见[J]. 信息科技探索, 2020(5): 130-132.
	XU B . My view on code security audit[J]. Public Communication of Science ＆ Technology, 2020(5): 130-132.
[8]	王晓萌 . 深度学习源代码缺陷检测方法[J]. 北京理工大学学报, 2019(11): 1155-1156.
	WANG X M . Source code defect detection based on deep learning[J]. Transactions of Beijing Institute of Technology, 2019(11): 1155-1156.
[9]	李珍, 邹德清, 王泽丽 ,等. 面向源代码的软件漏洞静态检测综述[J]. 网络与信息安全学报, 2019(2): 2-4.
	LI Z , ZOU D Q , WANG Z L ,et al. Survey on static software vulnerability detection for source code[J]. Chinese Journal of Network and Information Security, 2019(2): 2-4.
[10]	黄显果, 王鹏, 刘静静 ,等. 基于工具检测的源代码静态测试技术研究[J]. 软件研发与应用, 2019(5): 17-19.
	HUANG X G , WANG P , LIU J J ,et al. Research on source code static testing technology based on tool detection[J]. Computer Programming Skills ＆ Maintenance, 2019(5): 17-19.

Metrics

Recommended 0

No Suggested Reading articles found!

类别	工具
编码规范检测	Parasoft C++ Test
	LDRA Testbed
	IBM Rational Rule Checker
	CppCheck
	Gimpel Software Pc-lint
	…
安全性检测	Fortify SCA
	Secure Yun-ZBG
	CheckMarks
	CoBOT
	…
运行时错误检测	Matlab PolaySpace
	Parasoft insure++
	…

[1]	Le ZHANG, Hongyuan MA. Practice on edge cloud security of telecom operators [J]. Telecommunications Science, 2023, 39(4): 165-172.
[2]	Weixiong CHEN, Xiaochen YANG, Zengjun CHUN, Ruolan LI, Hua ZHANG. Research and practice of network security threat intelligence management system for power enterprise [J]. Telecommunications Science, 2022, 38(7): 184-189.
[3]	Yatian LIU, Bowen HU, Maofei CHEN, Dongxin LIU. Study on the 5GC security situational awareness system [J]. Telecommunications Science, 2022, 38(11): 73-85.
[4]	Yue GU, Dan LI, Kaihui GAO. Research on network traffic classification based on machine learning and deep learning [J]. Telecommunications Science, 2021, 37(3): 105-113.
[5]	Ming GAO,Jin LUO,Huiying ZHOU,Hai JIAO,Lili YING. A differential feedback scheduling decision algorithm based on mimic defense [J]. Telecommunications Science, 2020, 36(5): 73-82.
[6]	Zhiqiang YANG,Li SU,Minpeng QI,Bo YANG. Overview and prospect of 5G security [J]. Telecommunications Science, 2020, 36(12): 1-19.
[7]	Guofeng HE. Application protection in 5G cloud network using zero trust architecture [J]. Telecommunications Science, 2020, 36(12): 123-132.
[8]	Ping XIE,Xiaosong LIU. Security of the deployment of SDN-based IoT using blockchain [J]. Telecommunications Science, 2020, 36(12): 139-146.
[9]	Hang YU,Shuai WANG,Huamin JIN. RASP based Web security detection method [J]. Telecommunications Science, 2020, 36(11): 113-120.
[10]	Junwen WANG. Technical requirement of future industrial internet [J]. Telecommunications Science, 2019, 35(8): 26-38.
[11]	Cong LI, Bo LEI, Chongfeng XIE, Yunhe LI. Trustworthy network based on blockchain technology [J]. Telecommunications Science, 2019, 35(10): 60-68.
[12]	Jianquan WANG,Zhangchao MA,Xinzhong LI,Lei SUN,Changwei HU. Quantum secure communication network architecture and mobile application solution [J]. Telecommunications Science, 2018, 34(9): 10-19.
[13]	. Interestmeasurement and system construction of personal information protectionLI Meiyan [J]. Telecommunications Science, 2018, 34(8): 160-166.
[14]	Qi LIANG. Security＆ safety protection solution of ICS [J]. Telecommunications Science, 2018, 34(4): 144-150.
[15]	Ye CHEN,Dongjin XU,Liang XIAO. Survey on network security based on blockchain [J]. Telecommunications Science, 2018, 34(3): 10-16.

Causes and optimization of the false alarm rate of code review system

RichHTML

PDF下载

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 4

References 10

Related Articles 15

Metrics

Recommended 0