Vulnerability Localization Method Based on Software Structural Signature of Complex Network

摘要

Software vulnerability localization is of great importance for vulnerability analysis as the basic step of vulnerability exploitation and vulnerability fix up. By viewing large-scale software as a complex network system, we present a new method of vulnerability localization. The software structure is depicted by system-level features of complex network. In this way, we generate structural signatures of the original and patched software respectively. By comparing the structural signatures and splitting the connexity group recursively, the vulnerability location can be localized. To speed up the comparison, backtracking is taken during the recursion. Results of the experiments show the effective localization capability of this method.