Journal of Chongqing University of Technology (Natural Science) ›› 2023, Vol. 37 ›› Issue (7): 235-244.

• Information · Computer Science •

Mining vulnerable class nodes in directed weighted class dependency software networks based on community partitioning

姜万昌, 代宁, 张晓茜

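  • (1. School of Computer Science, Northeast Electric Power University, Jilin 132012; 2. Jilin Provincial Engineering Laboratory of Smart Grid Information Technology, Northeast Electric Power University, Jilin 132012)
  • Publication date: 2023-08-15 Release date: 2023-08-15
  • About the author: 姜万昌, male, Ph.D., associate professor; research mainly on complex networks, software modeling, and power optical fiber network detection. Email: jwchang84@163.com.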

Vulnerable node mining in directed weighted dependency software network based on community partitioning

  • Online: 2023-08-15 Published: 2023-08-15

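Summary: Existing vulnerable-class mining methods do not consider the dependencies between classes, which makes software maintenance difficult. To address this, a directed weighted class dependency software network is constructed from the dependency relations between classes in the software and their frequencies. A class dependency weighted entropy is defined and, combined with the relationship of node out-degree and node betweenness to class node vulnerability, a class node vulnerability metric is designed. Deliberate attacks are applied to class nodes with high vulnerability metric values, and a modularity-based community partitioning algorithm for the directed weighted class dependency software network is proposed. The mechanism by which the number of communities and the modularity change during community partitioning of the class dependency software network is analyzed, the vulnerable classes in the network are mined, and the vulnerable nodes are protected to improve software quality. A vulnerable-class mining experiment is designed: compared with a random attack on 15 class nodes, a deliberate attack on the 15 class nodes with the highest vulnerability metric values obtained by this method raises the average modularity of the class dependency software network by 12.7% and the average number of communities by 60.12%, which verifies the effectiveness of the vulnerable-class mining algorithm for class dependency software networks.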

Keywords: software network, vulnerable class, community partitioning, weighted entropy

Abstract:

The structure of software systems is becoming more complex and the possibility of software failure is increasing, which raises the cost of understanding and maintaining software for developers. Existing vulnerable-class mining methods do not consider the dependencies between classes, which makes software maintenance difficult. To mine the vulnerable classes in software and reduce its maintenance cost, this paper designs a community-partitioning-based algorithm for mining vulnerable class nodes in a directed weighted class dependency software network.

First, a directed weighted class dependency software network is constructed from the dependencies between classes in the software and their frequencies. The dependency frequency is used as the weight of each directed edge of the software network, and the weighted entropy of class dependence is defined. A class node vulnerability measure is then designed from the weighted entropy and the node betweenness. For deliberate attacks on class nodes with high vulnerability, a modularity-based community partitioning algorithm for the directed weighted class dependency software network is proposed, following the idea of the BGLL algorithm, to partition the class dependency software network into communities. To test the performance of the community partitioning algorithm, the number of communities and the weighted modularity are obtained and analyzed. The deliberate attack strategy is applied to the class nodes and, based on an analysis of the changes in community number and modularity, the vulnerable classes in the class dependency software network are mined.

To mine vulnerable classes in the software network from the result of the community partitioning, the open source software system Jmeter 3.0 is used as the standard experimental data for feasibility testing. As a Java-based stress testing tool, Jmeter 3.0 includes 256 classes to support software execution. The software network analysis platform SNAP is used to parse the source code of Jmeter 3.0 and obtain the structural information of the software, from which the directed weighted class dependency software network of Jmeter 3.0 is constructed. Using the class dependency software network vulnerable class node mining algorithm, Jmeter 3.0 is divided into 32 communities. The class dependency software network of the largest community, which has TestElement as its core, is displayed. The top 15 vulnerable class nodes in Jmeter 3.0 are listed, and the number of communities and the modularity are discussed. When these vulnerable class nodes are the targets of the intentional attack, the number of communities and the modularity are analyzed in comparison with the original values.

Experiments are designed using the real open source software Jmeter 3.0 to verify the effectiveness of the vulnerable class node mining algorithm. Three class node attack strategies are used: an initial attack strategy, a repeated attack strategy, and a random attack strategy. Compared with a random attack on 15 class nodes, an intentional attack on the top 15 class nodes ranked by vulnerability increases the average modularity of the class dependency software network by 12.7% and the average community number by 60.12%. The proposed vulnerable class mining algorithm can effectively mine vulnerable classes in the class dependency software network.

CLC number:

  • TB311