Technical Field
The present disclosure relates to a software vulnerability analysis method and device.
Description of Related Art
According to a Symantec Internet Security Threat Report 2014, software vulnerability attacks are increasing every year. Particularly, 23 zero-day software vulnerabilities unknown before were newly discovered in 2013, which means a 61% increase over 2012. In Korea, attacks using software vulnerabilities are increasing day after day, and various attacks such as malicious code infections, DDoS attacks, personal information leakages, and the like have been reported.
Currently, in order to analyze and respond to software vulnerabilities, testing methods such as symbolic testing and fuzzy testing have been used. However, the conventional methods such as symbolic testing and fuzzy testing show poor performance in terms of analysis time and accuracy. Further, in order to use these methods, human resources with high level expertise and ample prior knowledge and practical experience are needed. Therefore, accessibility of these methods for analyzing software vulnerabilities is low.
Accordingly, under the current circumstances that a lot of new software is developed every day along with the growth of IT industry, a study on a method for increasing efficiency and accuracy in software vulnerability analysis and reducing time and resources required for the analysis is essential.
Meanwhile, Korean Patent Laid-open Publication No. 10-2014-0001951 (entitled “Intelligent code differencing using code clone detection) discloses systems and methods for intelligent code differencing employing code clone detection technology.