基于D-S证据理论的嵌入式固件Web代码静态漏洞检测技术

固件的漏洞挖掘和检测主要包含基于虚拟仿真的动态漏洞挖掘与检测技术和基于逆向工程的静态白盒审计技术等，其存在仿真率低或误报率高等问题，为此，提出了一种基于多维度特征的固件Web漏洞检测方法，利用多维度特征、多层级处理技术和基于D-S证据理论的漏洞推理规则，针对固件Web中常见的各类漏洞进行有效检测，并能降低漏洞检测误报率.

Static Vulnerability Detection Technology for the Embedded Firmware Web Code Based on D-S Evidence Theory

Currently, vulnerabilities mining and detection for firmware mainly include dynamic analysis which based on virtual simulation and static auditing which based on reverse engineering. These techniques may have low simulation rate and high false positive rate. Proposing a method based on multi-dimensional features for detection of firmware web vulnerabilities. This method can detect common Web vulnerabilities in firmware effectively and lower the false positive rate by using multi-dimensional features, multi-level preprocessing and vulnerabilities reasoning models based on D-S evidence theory.