CN104751059A - Function template based software behavior analysis method - Google Patents
Function template based software behavior analysis method Download PDFInfo
- Publication number
- CN104751059A CN104751059A CN201510191154.8A CN201510191154A CN104751059A CN 104751059 A CN104751059 A CN 104751059A CN 201510191154 A CN201510191154 A CN 201510191154A CN 104751059 A CN104751059 A CN 104751059A
- Authority
- CN
- China
- Prior art keywords
- software
- function
- api
- source code
- transition diagram
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Abstract
The invention relates to a function template based software behavior analysis method and belongs to the field of information safety. The method comprises three steps of pretreatment, modeling and detection. Pretreatment comprises inserting a self-defined partition function to achieve software source code marking to obtain marked software source codes and marked software; modeling comprises setting a software source code function transform diagram according to the function calling relation in the marked source codes, and monitoring the called API by running the marked software to obtain a software API minimum function block transfer diagram; detection comprises performing pretreatment and modeling on to-be-tested software source codes to obtain a to-be-tested software source code function transfer diagram and a to-be-tested software API minimum function block transfer diagram, and comparing the to-be-tested software source code function transfer diagram and the to-be-tested software API minimum function block transfer diagram with the software source code function transfer diagram and the software API minimum function block transfer diagram to determine whether to-be-tested software behaviors are abnormal. The method is simple and easy to implement, and the software behaviors can be monitored effectively.
Description
Technical field:
The present invention relates to a kind of software action analytical technology, be specifically related to a kind of software action analytical approach, belong to information security field.
Background technology
In today of Informatization Development, people are when solving practical problems, and also increasing to the demand of software, this has also impelled further developing of software industry.Software is along with the increase of people's demand, and its function is also complicated gradually, and scale is also huge all the more, and meanwhile, the safety of software is not only related to the dribs and drabs of our life, also has inseparable contacting with society, nation's security.
But and the software of not all normally can run by the intention of software programming person, dysfunction is there is in some software time under attack, while corresponding function is provided, owing to there is aacode defect or source code by malicious modification, thus serious consequence may be brought.
In the information system, the supervision informatization such as information, safety guarantee of financial supervision, Financial Information, state key industry etc., people's malicious operation software institute produces in malicious act and running software and produces malicious act and be all difficult to retrain by mode that is moral or law.Therefore, set up in computer techno-stress a set of software action rule or behaviour template become researcher pay close attention to emphasis.
The target of software action research carries out behavior modeling and detection by behavioural analysis and study, is mainly divided into three kinds of methods: static state modeling method, dynamic modelling method and hybrid modeling method according to modeling pattern.Static state modeling method to rely on and the execution route analyzing source code sets up correct behavior pattern, carries out alarm during detection to the code sequence that may there is leak.Dynamic modelling method is in the process of running software, by the method that loads to learning, modeling, detection.Hybrid modeling method is comprehensively based on static modelling, and recycling dynamic modeling technology carries out auxiliary revision to model.
The normal state transition diagram adopting the method establishment software action of hidden Markov chain at present, but the method for hidden Markov chain adopts a fuzzy concept to each state, the not numerical value or state determined, therefore Shortcomings in detection of malicious software action.
Summary of the invention
For the deficiency of the above-mentioned existing software action technical research pointed out, the present invention proposes a kind of software action analytical approach based on function template, by setting up the Efficient Evaluation of software action template realization to software action.
As shown in Figure 1, the software action analytical approach based on function template described in the present invention comprises pre-service, modeling and detection, and wherein pre-service carries out pretreatment operation to software source code; Namely modeling learns software action and sets up software action template; Detect and namely software action is detected.
The described software action analytical approach based on function template comprises the following steps:
Step 1: pre-service.
Step 1.1: insert self-defining segmentation function between every two functions of software source code, segmentation function inserts in source code in order to the operation of simulation softward breakpoint.Using each segmentation function as a mark, the software source code through mark is called and marks source code, and corresponding software is called marker software.
Step 2: modeling, described modeling be by the source code of mark obtained in described pre-service and marker software analyze, obtain software source code function transition diagram and the minimum functional block transition diagram of software API, and in this, as the software action template of this software under testing.
Step 2.1: first the concept related in described modeling is defined:
Node: this method is studied in units of function, the definition of node comprises the continuous number of run of source filename belonging to function, function and Same Function.Node definition described in this method is:
[node]:function[file]:xxx.cpp{[constitute]:n}
Wherein, [node] is vertex ticks, represents that following content is nodal information.Function is the function name of this node.[file] is source code file mark, xxx.cpp source code file name belonging to function after expression colon.... in be node Alternative Content, as function operation number of times >1, mark [constitute]: n, n are the continuous number of run of function operation.
Redirect: in operational process, performs the process of next node, is called redirect from a node.A node can jump to multiple node.
Step 2.2: obtain software source code function transition diagram.
Based on described definition, mark function calling relationship in source code according to described, generate software source code function transition diagram.In the software source code function transition diagram generated, first called function in marker software source code is considered as first operation function, and this function place node is called entrance.In the software source code function transition diagram generated, there is the node without redirect, be called outlet.Outlet represents the end of software program or one group of function.
Step 2.3: obtain the minimum functional block transition diagram of software API.
Marker software described in operation, application API (Application Programming Interface, application programming interface) is called adviser tool and is monitored called API sequence, obtains the API sequence of marker software.Because it is identical to be arranged in the API sequence that the segmentation function between function calls at operational process, so claiming segmentation function to run API sequence of calling is sequence of partitions.Sequence of partitions as division mark, for will mark and described in splitting marker software run the API sequence called.The API sequence fragment that divided sequences segmentation is formed, is called API functional block.The API sequence that marker software is called is represented according to the context of sequence API functional block, is called marker software API functional block transition diagram.
Due in computer run process, code running environment, stress state, running status change all to some extent, marker software described in repeatedly running, and obtain each group API functional block, when operation result meets the following conditions, and marker software out of service:
API sequence x100% >=95% obtained in API sequence/this operation that marker software API functional block transition diagram has been contained
Each group API functional block that comparative analysis obtains, gets maximum public part as the minimum functional block of this group API, forms the minimum functional block transition diagram of software API.
The software source code function transition diagram described modeling generated and the minimum functional block transition diagram of software API are as the software action template of software under testing.
Step 3: detect.
Step 3.1: pre-service and modeling process described in possibility software under testing source code under attack or that distort carry out step 1, thus obtain software under testing source code function transition diagram and the minimum functional block transition diagram of software under testing API.
Step 3.2: the software source code function transition diagram that modeling described in software under testing source code function transition diagram and step 2 generates is compared, whether inspection node, redirect, entrance, outlet be consistent, when non-existent path in software source code function transition diagram appears in software under testing source code function transition diagram, or time inconsistent in the path file content of software under testing source code function transition diagram and software source code function transition diagram, report to the police in time.
Step 3.3: software under testing source code function transition diagram detects on N/R basis, minimum for software under testing API functional block transition diagram and the minimum functional block transition diagram of software API are compared, if software under testing API minimum functional block transition diagram does not mate with the minimum functional block transition diagram of software API, then report to the police in time.
The present invention, by analyzing software source code, obtains software action template and in this, as the rule of conduct of software under testing.The software under testing source code function transition diagram obtained when truly being run by software under testing and the software action template of the minimum functional block transition diagram of software under testing API and generation are compared, and judge that whether software action is abnormal.The inventive method is simple, effectively can realize software action and detect.
Accompanying drawing explanation
Fig. 1: based on the software action analytical approach process flow diagram of function template;
Fig. 2: RSS reader software behaviour template generative process figure.
Wherein a is the pre-service of RSS reader software function, and b is the modeling of RSS reader software behaviour template.
Embodiment
Below in conjunction with accompanying drawing, the software action analytical approach based on function template in the specific embodiment of the present invention is described, but the present invention is not limited to following examples.
Embodiment 1
As shown in Figure 2, to be detected as example to RSS reader software.
Step 1: pre-service.
Step 1.1: insert segmentation function int3 between every two functions of RSS reader software source code, the operation of segmentation function int3 simulation softward breakpoint, using each segmentation function int3 as a mark, RSS reader software source code through mark is called and marks RSS reader source code, and corresponding software is called and marks RSS reader software (see Fig. 2 (a)).
Step 2: modeling.
Step 2.1: first the concept that described modeling relates to is defined:
Node: this method is analyzed in units of function to mark in RSS reader source code, the definition of node comprises and marks function in RSS reader source code, marks the source filename in RSS reader source code belonging to function and marked the continuous number of run of Same Function in RSS reader source code.In Fig. 2 (a), CAgileReaderApp, InitInstance, CAgileReaderDoc ... ~ CMainFramew has marked the function in RSS reader software source code.Wherein, the source file belonging to function CAgileReaderApp is AgileReader.cpp, and function CAgileReaderApp is called for many times, is namely expressed as with described node definition:
[node]:CAgileReaderApp[file]:AgileReader.cpp[constitute]:3
Wherein, node is function place node, and file is function place filename.As function operation number of times >1, mark [constitute]: n, n are the continuous number of run of function operation.CAgileReaderApp [file]: AgileReader.cpp is [node]: CAgileReaderApp [file]: the subfunction of AgileReader.cpp.AgileReader.cpp continuous number of run is 3 times, is greater than 1 time, then mark with constitute label symbol.[constitute]: 3 representative function CAgileReaderApp are in RSS reader software is run, and this continuous number of run maximal value is 3.
Redirect: in operational process, performs the process of next node, is called redirect from a node.A node can jump to multiple node.[node]: CAgileReaderApp [file]: AgileReader.cpp [constitute]: 3 can jump to [node]: InitInstance [file]: AgileReader.cpp and [node]: CAgileReaderDoc [file]: AgileReaderDoc.cpp.
Step 2.2: obtain software under testing source code function transition diagram.
Based on described definition, mark function calling relationship in RSS reader source code according to described, generate RSS reader software source code function transition diagram.In the RSS reader software source code function transition diagram generated, be considered as first operation function by marking first called function CAgileReaderApp in RSS reader software source code, the node at this function place is called entrance.Node [node]: CAgileReaderApp [file]: AgileReader.cpp [constitute]: 3 is the starting point that software RS S reader runs, then [node]: CAgileReaderApp [file]: AgileReader.cpp [constitute]: 3 is the entrance of figure.
In the RSS reader software source code function transition diagram generated, there is the node without redirect, be called outlet.Outlet represents the end of software program or one group of function.[node]: ~ CMainFrame [file]: MainFrm.cpp is without redirect node, be then the outlet of figure.
Step 2.3: obtain the minimum functional block transition diagram of RSS reader software API.
Marked RSS reader software described in operation, application API Calls adviser tool is monitored called API sequence, has been marked the API sequence of RSS reader software.Because it is identical to be arranged in the API sequence that the segmentation function int3 between function calls at operational process, so claiming segmentation function int3 to run API sequence of calling is int3 sequence of partitions.Mark RSS reader software to run the API sequence called and be divided into by int3 sequence of partitions and mark RSS reader software API sequence fragment, be called RSS reader software API functional block.Representing marking the API sequence that RSS reader software calls with marking RSS reader software API functional block according to the context of sequence, being called RSS reader software API functional block transition diagram.As [node]: CAgileReaderApp [file]: AgileReader.cpp [constitute]: 3 run time the API sequence called be
SetBkColor SH
GetFolderPathW
GetWindowRgnBox
GetWindowDC
SetBkMode
Due in computer run process, code running environment, stress state, running status change all to some extent, run by four times, operation result meets during API sequence/four time software under testing that RSS reader software API functional block transition diagram to be measured contains runs API sequence x100% >=95% obtained, and has out of servicely marked RSS reader software.
Wherein, [node]: CAgileReaderApp [file]: AgileReader.cpp [constitute]: the corresponding A PI sequence of 3 is respectively:
By the maximum public part of the API sequence of acquisition, i.e. the maximum public part of RSS reader software API functional block, as the minimum functional block of this group API.This group common sequence is
SetBkColor SH
GetFolderPathW
GetWindowRgnBox
GetWindowDC
This part is [node]: CAgileReaderApp [file]: AgileReader.cpp [constitute]: the minimum function switch block of API of 3 correspondences, and the minimum functional block transition diagram of RSS reader software API of formation is as shown in Fig. 2 (b).
Using generate RSS reader software source code function transition diagram and RSS reader software API minimum functional block transition diagram as RSS reader software behaviour template to be measured.
Step 3: detect.
Step 3.1: pre-service and modeling process described in possibility RSS reader software source code to be measured under attack or that distort carry out step 1, thus obtain RSS reader software source code function transition diagram to be measured and the minimum functional block transition diagram of RSS reader software API to be measured.
Step 3.2: RSS reader software source code function transition diagram to be measured and RSS reader software source code function transition diagram are compared, whether inspection node, redirect, entrance, outlet be consistent.
As [node]: CAgileReaderApp [file]: AgileReader.cpp [constitute] in RSS reader software source code: 3, for continuous number of run is 3 to the maximum,
If in RSS reader software source code to be measured [node]: CAgileReaderApp [file]: AgileReader.cpp [constitute]: 3 are less than or equal to 3, then detect normal; Be greater than 3, then detect exception, report to the police in time.
Order as RSS reader software source code function transition diagram is [node]: CAgileReaderApp [file]: AgileReader.cpp [constitute]: 3 jump to [node] InitInstance [file]: AgileReader.cpp, [node]: CAgileReaderDoc [file]: AgileReaderDoc.cpp
If RSS reader software source code function transition diagram to be measured is CAgileReaderApp [file]: AgileReader.cpp [constitute]: 3 jump to [node] InitInstance [file]: AgileReader.cpp, [node]: CAgileReaderDoc [file]: AgileReaderDoc.cpp, detect without exception, enter step 3.3;
If RSS reader software source code function transition diagram to be measured is CAgileReaderApp [file]: AgileReader.cpp [constitute]: 3 jump to function [node] InitInstance [file]: AgileReader.cpp, [node]: CAgileReaderDoc [file]: AgileReaderDoc.cpp, [node] OnMove [file]: MainFrm.cpp, then do not mate with RSS reader software source code function transition diagram, report to the police in time.
Step 3.3: RSS reader software source code function transition diagram to be measured detects on N/R basis, RSS reader software API minimum functional block transition diagram to be measured and the minimum functional block transition diagram of RSS reader software API is compared.
Illustrate for the AgileReader.cpp function place nodal test in the minimum functional block transition diagram of RSS reader software API to be measured:
As marked the minimum functional block of API that in RSS reader software API minimum functional block transition diagram, AgileReader.cpp function place node is corresponding be
SetBkColor SH
GetFolderPathW
GetWindowRgnBox
GetWindowDC
If the minimum functional block of API that the AgileReader.cpp function place node of RSS reader software to be measured is corresponding is
SetBkColor SH
GetFolderPathW
GetWindowRgnBox
GetWindowDC
Then the minimum functional block transition diagram of the API of RSS reader software to be measured and RSS reader software matches, and runs without exception;
If the minimum functional block of API that the AgileReader.cpp function place node of RSS reader software to be measured is corresponding is
SetBkColor SH
GetFolderPathW
GetUpdateRect(0x001002fc,0x0018e2f0,FALSE)
BeginPaint(0x001002fc,0x0018e304)
GetWindowRgnBox
GetWindowDC
The minimum functional block of API that then in RSS reader software API to be measured minimum functional block transition diagram, AgileReader.cpp function place node is corresponding adds
GetUpdateRect(0x001002fc,0x0018e2f0,FALSE)
BeginPaint(0x001002fc,0x0018e304)
Then RSS reader software to be measured is not mated with the minimum functional block transition diagram of RSS reader software API, and running software is abnormal, reports to the police in time.
Claims (1)
1., based on the software action analytical approach of function template, it is characterized in that, comprise following steps:
Step 1: pre-service;
Step 1.1: insert self-defining segmentation function between every two functions of software source code, the running status of segmentation function simulation softward breakpoint, using each segmentation function as a mark, the software source code through mark is called and marks source code, and corresponding software is called marker software;
Step 2: modeling;
Step 2.1: concept definition;
Node: the continuous number of run comprising source filename belonging to function, function and Same Function; Node definition described in this method is:
[node]:function[file]:xxx.cpp{[constitute]:n}
Wherein, [node] is vertex ticks, represents that following content is nodal information.Function is the function name of this node; [file] is source code file mark, xxx.cpp source code file name belonging to function after expression colon; ... in be node Alternative Content, as function operation number of times >1, mark [constitute]: n, n are the continuous number of run of function operation;
Redirect: in operational process, performs the process of next node, is called redirect from a node; A node can jump to multiple node;
Step 2.2: obtain software source code function transition diagram;
Mark function calling relationship in source code according to described, generate software source code function transition diagram; In the software source code function transition diagram generated, first called function in marker software source code is considered as first operation function, and this function place node is called entrance; In the software source code function transition diagram generated, there is the node without redirect, be called outlet; Outlet represents the end of software program or one group of function;
Step 2.3: obtain the minimum functional block transition diagram of software API;
Marker software described in operation, application API Calls adviser tool is monitored called API sequence, obtains the API sequence of marker software; With segmentation function run call API sequence to split as sequence of partitions described in marker software run the API sequence called; The API sequence fragment that divided sequences segmentation is formed, is called API functional block; The API sequence that marker software is called is represented according to the context of sequence API functional block, is called software API functional block transition diagram;
Marker software described in repeatedly running, obtains each group API functional block, when operation result meets API sequence/this API sequence x100% >=95% obtained in running that API functional block transition diagram contains, and marker software out of service;
Each group API functional block that comparative analysis obtains, gets maximum public part as the minimum functional block of this group API, forms the minimum functional block transition diagram of software API;
The software source code function transition diagram described modeling generated and the minimum functional block transition diagram of software API are as the software action template of software under testing;
Step 3: detect;
Step 3.1: pre-service and modeling process described in possibility software under testing source code under attack or that distort carry out step 1, thus obtain software under testing source code function transition diagram and the minimum functional block transition diagram of software under testing API;
Step 3.2: the software function transition diagram that modeling described in software under testing source code function transition diagram and step 2 generates is compared, whether inspection node, redirect, entrance, outlet be consistent, when non-existent path in software source code function transition diagram appears in software under testing source code function transition diagram, or time inconsistent in the path file content of software under testing source code function transition diagram and software source code function transition diagram, report to the police in time;
Step 3.3: software under testing source code function transition diagram detects on N/R basis, minimum for software under testing API functional block transition diagram and the minimum functional block transition diagram of software API are compared, if software under testing API minimum functional block transition diagram does not mate with the minimum functional block transition diagram of software API, then report to the police in time.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510191154.8A CN104751059B (en) | 2015-04-22 | 2015-04-22 | Software action analysis method based on function template |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510191154.8A CN104751059B (en) | 2015-04-22 | 2015-04-22 | Software action analysis method based on function template |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN104751059A true CN104751059A (en) | 2015-07-01 |
| CN104751059B CN104751059B (en) | 2017-06-30 |
Family
ID=53590731
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510191154.8A Expired - Fee Related CN104751059B (en) | 2015-04-22 | 2015-04-22 | Software action analysis method based on function template |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN104751059B (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109032918A (en) * | 2018-05-31 | 2018-12-18 | 长安大学 | A kind of sensing node program exception diagnostic method based on abnormal task function trace |
| CN112131573A (en) * | 2020-09-14 | 2020-12-25 | 深信服科技股份有限公司 | Method and device for detecting security vulnerability and storage medium |
| CN112287334A (en) * | 2020-11-06 | 2021-01-29 | 浙江中控技术股份有限公司 | User-defined library processing method, device and system |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20110071842A1 (en) * | 2009-09-23 | 2011-03-24 | Courtview Justice Solutions | Judicial case management computer system and method for providing the same |
| CN103136471A (en) * | 2011-11-25 | 2013-06-05 | 中国科学院软件研究所 | Method and system for testing malicious Android application programs |
| US8607348B1 (en) * | 2008-09-29 | 2013-12-10 | Symantec Corporation | Process boundary isolation using constrained processes |
| CN103793650A (en) * | 2013-12-02 | 2014-05-14 | 北京邮电大学 | Static analysis method and static analysis device for Android application program |
-
2015
- 2015-04-22 CN CN201510191154.8A patent/CN104751059B/en not_active Expired - Fee Related
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8607348B1 (en) * | 2008-09-29 | 2013-12-10 | Symantec Corporation | Process boundary isolation using constrained processes |
| US20110071842A1 (en) * | 2009-09-23 | 2011-03-24 | Courtview Justice Solutions | Judicial case management computer system and method for providing the same |
| CN103136471A (en) * | 2011-11-25 | 2013-06-05 | 中国科学院软件研究所 | Method and system for testing malicious Android application programs |
| CN103793650A (en) * | 2013-12-02 | 2014-05-14 | 北京邮电大学 | Static analysis method and static analysis device for Android application program |
Non-Patent Citations (2)
| Title |
|---|
| DONG MA, YONGJUN WANG: ""Network Threat Behavior Detection and Trend Analysis Based on the TDLC Model"", 《SMART COMPUTING REVIEW》 * |
| 李闻 等: ""基于混杂模型的上下文相关主机入侵检测系统"", 《JOURNAL OF SOFTWARE》 * |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109032918A (en) * | 2018-05-31 | 2018-12-18 | 长安大学 | A kind of sensing node program exception diagnostic method based on abnormal task function trace |
| CN109032918B (en) * | 2018-05-31 | 2021-06-18 | 长安大学 | Sensing node program abnormity diagnosis method based on abnormal task function track |
| CN112131573A (en) * | 2020-09-14 | 2020-12-25 | 深信服科技股份有限公司 | Method and device for detecting security vulnerability and storage medium |
| CN112287334A (en) * | 2020-11-06 | 2021-01-29 | 浙江中控技术股份有限公司 | User-defined library processing method, device and system |
| CN112287334B (en) * | 2020-11-06 | 2024-03-08 | 浙江中控技术股份有限公司 | Custom library processing method, device and system |
Also Published As
| Publication number | Publication date |
|---|---|
| CN104751059B (en) | 2017-06-30 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN106888205B (en) | Non-invasive PLC anomaly detection method based on power consumption analysis | |
| CN110210512A (en) | A kind of automation daily record method for detecting abnormality and system | |
| CN109470946B (en) | Power generation equipment fault detection method and system | |
| CN105069355A (en) | Static detection method and apparatus for webshell deformation | |
| CN111190804A (en) | Multi-level deep learning log fault detection method for cloud native system | |
| CN109034140A (en) | Industrial control network abnormal signal detection method based on deep learning structure | |
| Hemmati et al. | Reducing the cost of model-based testing through test case diversity | |
| CN106330949B (en) | One kind being based on markovian intrusion detection method | |
| CN104751059A (en) | Function template based software behavior analysis method | |
| CN105159827A (en) | Reliability accelerated testing method for GUI software | |
| CN105183659B (en) | Software systems abnormal behavior detection method based on multilevel mode prediction | |
| WO2016031681A1 (en) | Log analysis device, log analysis system, log analysis method, and computer program | |
| CN111768022A (en) | Equipment detection method and device for coal machine production equipment | |
| Zhao et al. | Suzzer: A vulnerability-guided fuzzer based on deep learning | |
| CN114666117A (en) | Network security situation measuring and predicting method for power internet | |
| Kim et al. | Empirical evaluation of existing algorithms of spectrum based fault localization | |
| CN111967003A (en) | Automatic wind control rule generation system and method based on black box model and decision tree | |
| Parsa et al. | Software fault localization via mining execution graphs | |
| CN116961215A (en) | Rapid fault response processing method for power system | |
| Blesa et al. | Robustness analysis of sensor placement for leak detection and location under uncertain operating conditions | |
| Valueian et al. | Constructing automated test oracle for low observable software | |
| CN115577364A (en) | Vulnerability mining method for result fusion of multiple static analysis tools | |
| CN115952503A (en) | Application safety testing method and system integrating black, white and gray safety detection technology | |
| CN109145609A (en) | A kind of data processing method and device | |
| CN108509796B (en) | Method for detecting risk and server |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20190708 Address after: 100080 Beijing Haidian District Haidian South Road A 21 Zhongguancun Intellectual Property Building A 5th floor 501 Patentee after: SUNSHINE INTELLECTUAL PROPERTY (GROUP) CO.,LTD. Address before: No. 100, Chaoyang District flat Park, Beijing, Beijing Patentee before: Beijing University of Technology Effective date of registration: 20190708 Address after: Room 01, 1st Floor, 21 Building, Yuquan Huigu, No. 3 Minzhuang Road, Haidian District, Beijing, 100195 Patentee after: SPACE CQC ASSOCIATE SOFTWARE TESTING AND EVALUATING TECHNOLOGY (BEIJING) CO.,LTD. Address before: 100080 Beijing Haidian District Haidian South Road A 21 Zhongguancun Intellectual Property Building A 5th floor 501 Patentee before: SUNSHINE INTELLECTUAL PROPERTY (GROUP) CO.,LTD. |
|
| TR01 | Transfer of patent right | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20170630 |
|
| CF01 | Termination of patent right due to non-payment of annual fee |