网络与信息安全学报2025,Vol.11Issue(3):150-162,13.DOI:10.11959/j.issn.2096-109x.2025036
基于有限状态机的漏洞基准测试集生成算法
Vulnerability benchmark generation algorithm based on finite state machines
摘要
Abstract
The emergence and development of various source code vulnerability detection techniques led to the evaluation of these tools'effectiveness becoming a critical issue.Source code vulnerability benchmarks were re-garded as a basic basis for such evaluations.However,most of the existing benchmarks were found to inadequately simulate the complexity and diversity of real-world code,leading to significant discrepancies between benchmark testing and actual program analysis.Furthermore,current source code benchmarks were observed to lack support for testing vulnerability discriminability,resulting in an incomplete evaluation dimension.To address these limita-tions,vulnerability abstract triples and exploitable vulnerability chains were investigated,and a finite-state-machine-based algorithm for generating source code vulnerability benchmarks was proposed.The approach con-sisted of three steps.First,a finite-state machine model was established to construct basic code paths.Second,con-ditional edit distance was employed to select discriminability-specific paths.Third,cyclomatic complexity wrap-pers were used to encapsulate path elements,thereby simulating the intricate structures of real-world code.Experi-mental results demonstrate that the generated benchmarks more closely resemble the complexity of real software,effectively exposing biases and deficiencies in vulnerability detection tools across different code paths.This study validates the algorithm's effectiveness and practical utility,confirming that it provides a more comprehensive and realistic benchmark for evaluating vulnerability detection tools.关键词
有限状态机/漏洞挖掘工具/漏洞基准测试集/条件编辑距离Key words
finite state machine/vulnerability discovery tools/vulnerability benchmark/conditional edit distance分类
信息技术与安全科学引用本文复制引用
谢元栋,颜学雄,赵光胜,赵旭,邱菡..基于有限状态机的漏洞基准测试集生成算法[J].网络与信息安全学报,2025,11(3):150-162,13.基金项目
河南省自然科学基金(242300421415) The Natural Science Foundation of Henan Province of China(242300421415) (242300421415)
