[1] HUANG Song, GONG Shi-hao. A Survey of Processing Methods of Program Static Analysis Report[J]. Computer Technology and Development, 2023, 33(01): 14-20. [doi:10.3969/j.issn.1673-629X.2023.01.003]

A Survey of Processing Methods of Program Static Analysis Report

Computer Technology and Development [ISSN:1006-6977/CN:61-1281/TN]

Volume:
33
Issue:
No. 01, 2023
Pages:
14-20
Column:
Survey
Publication date:
2023-01-10

Article Info

Title:
A Survey of Processing Methods of Program Static Analysis Report
Article ID:
1673-629X(2023)01-0014-07
Author(s):
HUANG Song, GONG Shi-hao
School of Command & Control Engineering, Army Engineering University of PLA, Nanjing, Jiangsu 210007, China
Keywords:
static analysis; alerting; fusion; classification; sorting
Classification number:
TP311
DOI:
10.3969/j.issn.1673-629X.2023.01.003
Abstract:
During software testing, automated scanning of programs with static analysis tools is one of the effective ways to find defects and vulnerabilities in programs. However, the limitations of the analysis tools themselves lead to a large number of false positives in analysis reports, which makes reviewing the reports too costly; this not only reduces the usefulness of the tools but also greatly prolongs the testing period. To reduce the workload of testers reviewing analysis reports and improve the usability of the tools, researchers at home and abroad have proposed a variety of static analysis report processing methods. We review the research work of domestic and foreign researchers on static analysis report processing in recent years. First, static analysis technology and static analysis report processing are briefly introduced, and a classification of the methods is given according to their basic ideas. Then, the research results of each class of processing methods are summarized in turn, a horizontal comparison between the methods is made, and the advantages and disadvantages of the current mainstream methods are analyzed comprehensively. Finally, the existing problems in this field are pointed out in detail and corresponding research suggestions are given, providing a basic reference for researchers who want a comprehensive and in-depth understanding of processing methods for program static analysis reports.


Last Update: 2023-01-10