软件可信性保障若干关键技术

详细信息    本馆镜像全文|  推荐本文 |  |   获取CNKI官网全文

英文题名：Research on Some Key Techniques About Software Trustworthiness Assurance 作者：何加浪 论文级别：博士 学科专业名称：计算机应用技术 中文关键词：可信软件 ; 软件行为 ; 故障传播 ; 多故障 ; 神经网络 ; 可疑度 ; 软件修复 ; 软件容错 ; 进化计算 ; 模块进化 ; 相似性测度 ; 修复评价 英文关键词：Trusted software ; Software behavior ; Fault propagation ; Multi-Fault ; Neural 英文关键词：networks ; Suspicious degrees ; Software repair ; Software fault-tolerant ; Evolutionary 英文关键词：computation ; Module evolution ; Similarity measure ; Repair evaluation 学位年度：2012 导师：张宏 学科代码：081203 学位授予单位：南京理工大学 论文提交日期：2011-10-01

摘要

在软件的开发和使用中,人们总是希望软件行为的表现与预期相一致,但是目前在设计和开发可信软件时缺乏理论和技术上的指导,许多已知和未知的软件缺陷无法避免,同时由于软件本身的复杂性和运行环境的开放、动态、多变等原因,使得软件行为具有不可控性和不确定性,由此引发的软件行为与预期不相符合的现象是软件开发和使用过程中必须面对的重要问题。本文着重讨论了提高和保障软件可信性的若干关键技术,这些技术对可信软件的研究具有重要的理论意义和应用价值,本文在此方面开展了相关的研究工作,取得的主要研究成果如下：
     (1)针对现有的软件行为模型对环境因素考虑不足、性能影响较大等问题,提出了基于环境约束的软件行为控制流模型,分析了影响程序运行的环境因素,结合静态分析方法优点,建立程序行为分析模型,利用标记函数调用指令的方法,在动态运行时进行返回值一致性约束,从而提高模型的精确性；同时根据程序的局部运行原理,将分析范围限定在函数范围内,减少了性能开销。
     (2)针对现有软件结构复杂,软件故障定位困难等问题,提出了两种以人工智能理论为基础的软件故障定位的自动化方法和模型：基于故障传播感知的软件故障定位方法和基于神经网络的多故障定位模型。前者从故障传播对故障定位的影响出发,通过引入故障传播趋势的概念来捕获故障在程序节点中的传播,进而消除故障传播对故障定位精度的影响；后者考虑多故障间相互干扰对故障定位的影响,首先通过故障相关性分析确定故障间的相互影响,然后利用神经网络学习故障与位置的对应关系并通过构造理想测试用例来确定每个可疑位置的可疑度。最后通过实验分析了方法的准确性和快速性,从而为软件故障修复提供支撑,进而提高软件的可信性。
     (3)对软件自动修复技术进行深入研究,在此基础上提出了基于进化计算的软件自动修复技术,其主要思想是采用控制流图作为进化个体的编码方式,测试用例约束的控制流图节点集的势、结构相似度、不变量约束等作为影响适应度函数的因素,将软件的修复过程转化为适应度函数指导的进化过程,从而达到软件自动化修复的目的。文中分析了进化计算在软件修复中的高度可用性,并进一步的从初始种群生成、进化操作位置的细粒度控制、相关参数的设置等方面进行了分析和改进；接下来研究了其在模块化软件容错中的具体应用,从而在可靠性、可用性、长生存能力等不同角度满足人们对软件质量方面的需求。
     (4)针对现有研究缺乏对软件修复变更风险和修复后验证方面的研究,分析了针对软件修复的变更风险,引入了变更风险深度、变更风险密度等概念来对软件修复变更风险进行量化,进而指导软件修复的验证工作。同时利用软件修复的局部性和针对性特点,提出了软件修复的相对相似性评价模型,在实验中分别对补丁和动态修复进行研究,对比了地址对序列、系统调用序列以及混杂序列,说明了评价模型的工作方式,实验表明了模型的有效性,同时说明了混杂序列具有更强的表达能力。通过该模型将修复验证和评价问题转化为修复后软件行为相似性度量问题,从而实现对软件修复可信性的有效评价,为软件修复的部署和应用提供依据。
Trusted software requires that software behavior must be consistent with people's expectations. Nowtime, it lacks the theory and technology of guidance in the design and development phase. So many known or unknown software defects are inevitable. The complexity of the software itself and running environment having open, dynamic and heterogeneous features make software behavior un-controllable and uncertainty. People must face the important problem about the inconsistency between software behavior and people's expectations. This paper focuses on some key techniques of improving and guaranteeing the credibility of the software, and the main research achievements are as follows:
     (1) Including environmental factors for the procedure operation in the control-flow model, combining with the advantages of static analysis methods, this paper establishes the model for analysis of procedure behaviors. It marks function call instructions, and uses consistency constraint of return value to overcome the problems caused by the indirect function pointer calls in a dynamic run-time. At the same time using the local principle of the procedure, the method limits the scope of the analysis in the functions; the experimental results show that the model has better accuracy and lower performance impact.
     (2) According to complex of software structure and difficulty of software fault location, we put forward two methods based on artificial intelligence theory:a fault propagation-Aware program fault location method and the software multi-fault location method based on artificial neural network.In the former, by introducing the concept of edge propagation trend, the method perceives fault propagation for the node having the maximum initial suspicious degree and finally revises the initial suspicious degree for related nodes; And the latter method calculates the support degree of the input for each fault. And then learning the relationship between the faults and the candidate locations of fault using constructed neural network.At last. Experimental results show that compared with traditional methods, the proposed method has a strong ability to distinguish fault locations and can improve the efficiency of software debugging for multi-fault. Thus it supports the repaire of software and improves the credibility of the software.
     (3) We do some researches on the software repair, and AREA (Automate Repair Evolutionary Algorithm) is proposed based on evolutionary computing. Using CFG (Control Flow Graph) as the individual of the evolution, AREA is directed by the fitness degree of the individual, which is calculated from cardinality of the CFG nodes set constrained by testcases and the degree of structure similarity. It converts repair process to evolution process directed by the fitness degree, which automates the software repair. And the experiments show the feasibility and effectiveness of the research works. And then this paper analyzes the usability of evolution computing for software repair, and does some improvement in the initial population generation, evolution operation location fine-grained control and other related parameters。Further the paper studies the application of AREA for software fault-tolerant area. Thus it meets the needs of the software quality from different angles like as reliability, availability, long survival ability and so on.
     (4) This paper analyzes the change risks for software repair, and introduces the concepts such as change risk depth, change risk density to quantify software repair change risks, which can guide validation work for software repair. And then combining behavior observation sequence and relations between the repair processes corresponding software, the paper introduces the RSEM (Relative Similarity Evaluation Model) for software repair according to the local characteristics. In the experiment, we study patches and dynamics repair respectively. Comparing the use of pair-addresses sequence, system call sequence, as well as mixed sequence, the paper illustrates the evaluation model works well, and also shows the effectiveness of the model and the mixed sequences have a stronger ability to express the software behavior. RSEM translates verification problem into a behavior similarity measure problem to overcome the shortcomings of existing technology for lack of effective evaluation, and then realizes the effective evaluation for software repair, which provides the support for the deployment of the software repair application.

引文

1. McCabe T, Butler C. Design complexity measurement and testing. Communications of the ACM,32(12),1999:1415-1425.
    2. Horn P. Autonomic Computing:IBM's Perspective on the State of Information Technology. IBM Research,2001.
    3. Baresi L, Nitto E, Ghezzi C. Toward Open-World Software:Issues and Challenges. IEEE Computer,39(10),2006:36-43.
    4. Yixin D, Keller A, Parekh S, Marinov V V. Predicting Labor Cost through IT Management Complexity Metrics. The 10th IFIP/IEEE International Symposium on Integrated Network Management, May 2007:274-283.
    5. GB/T 16260.1-200X,软件工程产品质量第1部分：质量模型(idt ISO/IEC 9126-1: 2001).
    6. The Inquiry Board. Ariane 5 Flight 105 Inquiry Board Report [R].Paris:European Space Agency Press, July 1996.
    7. Lee I, Iyer R K. Software Dependability in the Tandem GUARDIAN System. IEEE Trans. Software Eng.1995,21(5):455-467.
    8. Siewiorek D P,杨孝宗,Chillarege R, Kalbarczyk Z T.可信计算的产业趋势和研究.计算机学报,2007,30(10)：1645-1661.
    9.刘克,单志广,王戟等.可信软件基础研究”重大研究计划综述.中国科学基金,2008,22(3)：145-151.
    10. National Science, Technology Council (NSTC). America in the Age of In formation:A F orumon Federal In formation and Communications R&D [R]. Bethesda, Maryland, July 6-7,1995.
    11. National Science, Technology Council (NSTC). Research challenges in high confidence systems. Proceedings of the C ommittee on Computing, Information, and Communications Workshop. USA. http://www.hpcc.gov/pubs/hcs2Aug97/intro.html, August 6-7,1997.
    12. High Confidence Systems Working Group, NSTC. Setting an interagency high confidence systems (HCS) research agenda. Proceedings of the Interagency High Con fidence Systems Workshop. Arlington, Virginia, March 1998.
    13. High Confidence Software and Systems Coordinating Group. High Confidence Software and Systems Research Needs. USA:http://www.ccic.gov/pubs/hcss2research.pdf, January, 2001.
    14. Sterritt R, Bustard D. Autonomic computing—a means of achieving dependability? In: Proceedings of IEEE International Conference on the Engineering of Computer Based Systems (ECBS'03), Huntsville, Alabama, USA,2003:247-251.
    15. Dong X, Hariri S, Xue L, et al. AUTONOMIA:An Autonomic Computing Environment. In:Proceedings of the Performance, Computing, and Communications Conference, Phoenix, Arizona,2003:61-68.
    16. Garlan D, Schmerl B. Model-based Adaptation for Self-Healing Systems. In:ACM SIGSOFT Workshop on Self-Healing Systems (WOSS'02), Charleston, South Carolina, USA,2002.
    17.张焕国,罗捷,金刚等.可信计算研究进展.武汉大学学报(理学版),2006,52(5)：513-518.
    18.詹静,张焕国.可信平台模块自动化测试研究.计算机研究与发展,2009,46(11)：1839-1846.
    19.陆文,徐锋,吕建等.一种开放环境下的软件可靠性评估方法.计算机学报,2010,33(3)：452-462.
    20.李昊,秦宇,冯登国等.基于可信平台模块的虚拟单调计数器研究.计算机研究与发展,2011,48(3)：415-422.
    21.刘孜文,冯登国.基于可信计算的动态完整性度量架构.电子与信息学报,2010,32(4)：875-879.
    22.钟浩,张路,梅宏等.软件库调用规约挖掘.软件学报,2011,22(3)：408-416.
    23. Harel D. Statecharts:A visual formalism for complex systems. Science of Computer Programming,1987,8(3):231-274.
    24. Hatcliff J, Dwyer M. Using the bandera tool set to model-check properties of concurrent Java software. In Proceedings of the 12th International Conference on Concurrency Theory, London, UK,2001:39-58.
    25. Harder M, Jeff M, Michael D E. Improving test suites via operational abstraction. In Proceedings of the 25th International Conference on Software Engineering. Washington, DC, USA,2003:60-71.
    26. Leonardo M, Sofia P, Mauro P. Compatibility and Regression Testing of COTS-Component-Based Software. In Proceedings of the 29th international conference on Software Engineering, Washington, DC, USA,2007:85-95.
    27. Davide L, Mariani L, Mauro P. Automatic generation of software behavioral models. In Proceedings of the 30th international conference on Software engineering (ICSE '08), New York, USA,2008:501-510.
    28. Jinlin Y, David E, Deepali B, Thirumalesh B, Manuvir D. Perracotta:mining temporal API rules from imperfect traces. In Proceedings of the 28th international conference on Software engineering (ICSE '06), New York, NY. USA,2006:282-291.
    29. Raz O, Koopman P, Shaw M. Semantic anomaly detection in online data sources. In proceedings of the International Conference on Software Engineering (ICSE). New York, USA,2002:302-312.
    30. Hangal S, Lam M S. Tracking down software bugs using automatic anomaly detection. In proceedings of the International Conference on Software Engineering (ICSE), New York, USA,2002:291-301.
    31. Forrest S, Hofmeyr S A, Somayaji A, Longstaff T A. A sense of self for Unix processes. In SP '96:Proceedings of the 1996 IEEE Symposium on Security and Privacy, Washington, DC, USA,1996:120-128.
    32. Marceau C. Characterizing the behavior of a program using multiple-length n-grams. In Proceedings of the New Security Paradigms Workshop 2000, Cork, Ireland, Sept 2000: 19-21.
    33. Wespi A, Dacier M, Debar H. Intrusion detection using variable-length audit trail patterns. In Proceedings of the 2000 Recent Advances in Intrusion Detection, October 2000: 110-129.
    34. Eskin E, Lee W, Stolfo S J. Modeling system calls for intrusion detection with dynamic window sizes. In Proceedings of DARPA Information Survivability Conference and Exposition II (DISCEX II), Anaheim, CA,2001.
    35. Wee B M K. Automatic generation of finite state automata for detecting intrusions using system call sequences. In V. G. et al., editor, Mathematical Methods, Models, and Architectures for Network Security Systems (MMM-ACNS), Springer-Verlag Berlin Heidelberg,2003:206-216.
    36. Gao D, Reiter M K, and Song D. Behavioral distance measurement using hidden markov models. In D. Zamboni and C. Kruegel. editors, Research Advances in Intrusion Detection, LNCS 4219, Berlin Heidelberg,2006:pages 19-40
    37. Ghosh A, Schwartzbard A. A study in using neural networks for anomaly and misuse detection. In Proceedings of the 8th USENIX Security Symposium, USENIX Association, Berkeley, USA,1999:12-12.
    38. Liao Y, Vemuri V. R. Use of k-nearest neighbor classifier for intrusion detection. Computers & Security,2002,21(5):439-448.
    39. Kruegel C, Mutz D, Robertson W, Valeur F. Bayesian event classification for intrusion detection. In In 19th Annual Computer Security Applications Conference, LasVegas, USA,2003:14-23.
    40. Basu S, Uppuluri P. Proxi-Annotated Control Flow Graphs:Deterministic Context-Sensitive Monitoring for Intrusion Detection. In Proceedings of ICDCIT,2004: 353-362.
    41. Wagner D. Static Analysis and Computer Security:New Techniques for Software Assurance. PhD thesis, University of California at Berkeley,2000.
    42. Wagner D, Dean D. Intrusion detection via static analysis. In Proceedings of the 2001 IEEE Symposium on Security and Privacy,2001:156-169.
    43. Xu H, Du W, Chapin S J. Context sensitive anomaly monitoring of process control flow to detect mimicry attacks and impossible paths. In In Proceedings of the International Symposium on Recent Advances in Intrusion Detection (RAID),2004:21-38.
    44. Kiriansky V, Bruening D, Amarasinghe S. Secure execution via program shepherding. In 11th USENIX Security Symposium, Sanfrancisco,2002:191-206.
    45. Bhatkar S, Chaturvedi A, Sekar R. Dataflow anomaly detection. In:Proceedings of the 2006 IEEE Symposium on Security and Privacy,2006.
    46.陆炜,曾庆凯.一种基于控制流的程序行为扩展模型.软件学报,2007,18(11)：2841-2850.
    47. Gao D, Reiter M K, Song D. Gray-box extraction of execution graphs for anomaly detection. In Proceedings of the 11th ACM Conference on Computer & Communication Security (CCS 2003),2003.
    48.李闻,戴英侠,连一峰等.基于混杂模型的上下文相关主机入侵检测系统.软件学报,2009,20(1)：138-151.
    49. Zhen L. Bridges S M, Vaughn R B. Combining static analysis and dynamic learning to build accurate intrusion detection models. In Proceedings of the 3rd IEEE International Workshop on Information Assurance, March 2005.
    50. Weiser M. Programmers use slices when debugging. Communications of the ACM,1982, 25(7):446-452.
    51. Lyle J R. Weiser M. Automatic Program Bug Location by Program Slicing. Proc. of the 2nd International Conference on Computer and Applications, Beijing, China, June 1987: 877-883.
    52. Agrawal H, DeMillo R A, Spafford E H. Debugging with Dynamic Slicing and Backtracking. Software Practice & Experience,1993,23(6):589-616.
    53. Zhang X, He H, Gupta N, Gupta R. Experimental Evaluation of Using Dynamic Slices for Fault Location. Proc. of the 6th International Symposium on Automated Analysis driven Debugging, Monterey, California, USA, September 2005:33-42.
    54. Jones J A, Harrold M J. Empirical Evaluation of the Tarantula Automatic Fault-Localization Technique. Proc. of the 20th IEEE/ACM Conference on Automated Software Engineering, Long Beach, California, USA, December,2005:273-282.
    55. Wong W E, Debroy V, Choi B. A Family of Code Coverage-based Heuristics for Effective Fault Localization. Journal of Systems and Software,2010,83(2):188-208.
    56. Renieris M, Reiss S P. Fault Localization with Nearest Neighbor Queries Proc. of the 18th IEEE International Conference on Automated Software Engineering, Canada, October 2003:30-39.
    57. Pytlik B, Renieris M, Krishnamurthi S, Reiss S P. Automated Fault Localization Using Potential Invariants. Proc. of the 5th International Workshop on Automated and Algorithmic Debugging, Ghent, Belgium, September 2003:273-276.
    58. Dallmeier V, Lindig C, Zeller A. Lightweight Defect Localization for Java. Proc. of the 19th European Conference on Object-Oriented Programming, Glasgow, UK, July 2005: 528-550.
    59. Liu C, Yan X, Yu H, Han J, Yu P. Mining Behavior Graphs for "Backtrace" of Noncrashing Bugs. Proc. of 2005 SIAM International Conference on Data Mining, Newport Beach, California, USA, April 2005:286-297.
    60. Liblit B, Naik M, Zheng A X, Aiken A, Jordan M I. Scalable Statistical Bug Isolation. Proc. of the 2005 ACM SIGPLAN Conference on Programming Language Design and Implementation, Chicago, Illinois, USA, June 2005:15-26.
    61. Liu C, Fei L, Yan X, Han J, Midkiff S P. Statistical Debugging:A Hypothesis Testing-based Approach. IEEE Transactions on Software Engineering,2006,32(10): 831-848.
    62. Wong W E, Wei T, Qi Y, Zhao L. A Crosstab-based Statistical Method for Effective Fault Localization. Proc. of the 1 st International Conference on Software Testing, Verification and Validation. Lillehammer, Norway, April 2008:42-51.
    63. Cleve H. Zeller A. Locating Causes of Program Failures. Proc. of the 27 International Conference on Software Engineering, St. Louis, Missouri, USA, May 2005:342-351.
    64. Gupta N. He H, Zhang X, Gupta R. Locating Faulty Code Using Failure-Inducing Chops. Proc. of the 20th IEEE/ACM International Conference on Automated Software Engineering, Long Beach, California, USA, November 2005:263-272.
    65. Zhang X, Gupta N, Gupta R. Locating Faults through Automated Predicate Switching. Proc. of the 28th International Conference on Software Engineering, Shanghai, China. May 2006:272-281.
    66. Wong W E, Qi Y. BP Neural Network-based Effective Fault Localization. International Journal of Software Engineering and Knowledge Engineering,2009,19(4):573-597.
    67. Wong W E, Shi Y, Qi Y, Golden R. Using an RBF Neural Network to Locate Program Bugs. Proc. of the 19th IEEE International Symposium on Software Reliability Engineering, Seattle, Washington, USA, November 2008:27-38.
    68. Briand L C, Labiche Y, Liu X. Using Machine Learning to Support Debugging with Tarantula. Proc. of the 18th IEEE International Symposium on Software Reliability, Trollhattan, Sweden, November 2007:137-146.
    69. Cellier P, Ducasse S, Ferre S, Ridoux O. Formal Concept Analysis Enhances Fault Localization in Software. Proc. of the 4th International Conference on Formal Concept Analysis, Montreal, Canada, February 2008:273-288.
    70. Wotawa F, Stumptner M, Mayer W. Model-based Debugging or How to Diagnose Programs Automatically. Proc. of the 15th International Conference on Industrial and Engineering Applications of Artificial Intelligence and Expert Systems:Developments in Applied Artificial Intelligence, Cairns, Australia. June 2002:746-757.
    71. Abreu R, Zoeteweij P, Gemundvan A. A Practical Evaluation of Spectrum-based Fault Localization. Journal of Systems and Software,2009,82(11):1780-1792.
    72. Wang X, Cheung S C, Chan W K, Zhang Z. Taming Coincidental Correctness:Refine Code Coverage with Context Pattern to Improve Fault Localization. Proc. of the 31st International Conference on Software Engineering, Vancouver, Canada, May 2009: 45-55.
    73. Beattie S, Arnold S, Cowan C, et al. Timing the Application of Security Patches for Optimal Uptime. In Proceedings of the 16th USENIX Conference on System Administration. Berkeley, USENIX Press,2002:233-242.
    74. Anvik J, Hiew L, Murphy G C. Who should fix this bug? In International Conference on Software Engineering,2006:361-370.
    75. Seacord R C, Plakosh D, Lewis G A. Modernizing Legacy Systems:Software Technologies, Engineering Process and Business Practices. Addison-Wesley,2003.
    76. Korel B. Automated software test data generation. IEEE Transactions on Software Engineering 1990:16(8):870-879.
    77. McMinn P. Search-based software test data generation:A survey. Software Testing, Verification and Reliability,2004,14(2):105-156.
    78. McMinn P, Harman M, Binkley D, Tonella P. The species per path approach to search-based test data generation. In International Symposium on Software Testing and Analysis (ISSTA 06), Portland, Maine, USA,2006:13-24.
    79. Weimer W. Patches as better bug reports. In Proceedings of the 5th international conference on Generative programming and component engineering (GPCE '06), New York, USA,2006:181-190.
    80. Demsky B, Ernst M D, Guo P J, McCamant S J, Perkins H, Rinard M. Inference and enforcement of data structure consistency specifications. In International Symposium on Software Testing and Analysis,2006:233-244.
    81. Arcuri A. On the automation of fixing software bugs. In Proceedings of the Doctoral Symposium of the IEEE International Conference on Software Engineering, New York, USA,2008:1003-1006.
    82. Arcuri A, Yao X. A novel co-evolutionary approach to automatic software bug fixing. In IEEE Congress on Evolutionary Computation,2008:162-168.
    83. Forrest S, Nguyen T, Weimer W. Goues C L. A genetic programming approach to automated software repair. In Proceedings of the 11th Annual conference on Genetic and evolutionary computation.2009:947-954.
    84. Westley Weimer, ThanhVu Nguyen, Claire Le Goues, Stephanie Forrest.. Automatically finding patches using genetic programming. In Proceedings of the 31st International Conference on Software Engineering (ICSE '09). IEEE Computer Society, Washington, DC, USA,2009:364-374.
    85. Sathre J, Zambreno J. Automated Software Attack Recovery using Rollback and Huddle. Springer Journal of Design Automation for Embedded Systems (DAES),2008,12(3): 243-260.
    86. Sidiroglou S, Laadan O, Perez C et al. ASSURE:automatic software self-healing using rescue points. In Proceeding of the 14th international Conference on Architectural Support for Programming Languages and Operating Systems. New York, USA,2009: 37-48.
    87. Qin F, Tucek J, Sundaresan J, et al. Rx:Treating Bugs As Allergies—A Safe Method To Survive Software Failures. ACM Transactions on Computer Systems (TOCS),2007, 25(3):235-248.
    88. Sidiroglou S, Locasto M E, Boyd S W, et al. Building a Reactive Immune System for Software Services. In Proceedings of the 2005 USENIX Annual Technical Conference. Berkeley,2005:149-161.
    89. Scott D. Making Smart Investments to Reduce Unplanned Downtime. Tactical Guidelines Research Note TG-07-4033, Gartner Group, Stamford,1999.
    90. Gray J, Siewiorek D. High-availability Computer Systems. IEEE Computer.1991,24(9): 39-48.
    91. Rob Barrett, Paul P. Maglio, Eser Kandogan, John Bailey. Usable autonomic computing systems:The administrator's perspective. In Proceedings of the First International Conference on Autonomic Computing (ICAC'04), IEEE Computer Society,2004:18-26.
    92. Jonathan E C, Jeffrey A D. Highly reliable upgrading of components. In Proceedings of the 21st international conference on Software engineering (ICSE '99), New York, USA, 1999:203-212.
    93. Joseph Tucek, Weiwei Xiong, Yuanyuan Zhou. Efficient online validation with delta execution. SIGPLAN Not.2009,44(3):193-204.
    94. Giffin J T, Jha S, Miller B P. Efficient context-sensitive intrusion detection. In Proceedings of Symposium on Network and Distributed System Security,2004.
    95. Debin GAO, Michael K R, and Dawn Song. On gray-box program tracking for anomaly detection. In Proceedings of the 13th conference on USENIX Security Symposium Volume 13 (SSYM'04), Berkeley, CA, USA,2004:8-8.
    96. Sharif M S, Singh K, Giffin J, Lee W. Understanding precision in host based intrusion detection. In Proceedings of the International Symposium on Recent Advances in In-trusion Detection (RAID),2007:21-41.
    97. Feng H, Kolesnikov O, Fogla P, Lee W, Gong W. Anomaly detection using call stack information. In IEEE Symposium on Security and Privacy, Oakland, California, May 2003.
    98. Feng H H, Giffin J T, Yong Huang, Jha S, Wenke L, Miller, B P. Formalizing sensitivity in static analysis for intrusion detection. In Proceedings of 2004 IEEE Symposium on Security and Privacy. Berkeley,2004:194-210.
    99. Gopalakkrishna R, Spafford E H, Vitek J. Efficient intrusion detection using automaton inlining. In Proceedings of the 2005 IEEE Symposium on Security and Privacy,2005: 18-31.
    100.李闻,戴英侠,连一峰等.基于混杂模型的上下文相关主机入侵检测系统.软件学报,2009,20(1)：138-151.
    101.Bryan Buck, Jeffrey K H. An API for Runtime Code Patching. The International Journal of High Performance Computing Applications,2000(14):317-329.
    102.Parampalli C, Sekar R, and Johnson R.2008. A practical mimicry attack against powerful system-call monitors. In Proceedings of the 2008 ACM Symposium on information, Computer and Communications Security, March 2008:156-167.
    103.Lu Wei, Zeng Qingkai. A control flow based program behavior extended model. Journal of software.2007,18(11):2841-2850.
    104.He H, Gupta N. Automated Debugging Using Path-Based Weakest Preconditions. In Proceedings of FASE.2004:267-280.
    105.Renieris E. A research framework for software-fault localization tools [Ph.D thesis]. Brown University,2005.
    106.Santelices R, Jones J A, Yu Y, et al.. Lightweight fault-localization using multiple coverage types. Proceedings of the 31st International Conference on Software Engineering, Vancouver, Canada, May 2009:56-66.
    107.Zhang Zhen-yu, Chan W K, Tse T H, et al.. Capturing propagation of infected program states. Proceedings of the the 7th joint meeting of the European software engineering conference and the ACM SIGSOFT symposium on The foundations of software engineering (ESEC/FSE'09), Amsterdam, The Netherlands, August 2009:43-52.
    108.Zhao Lei, Wang Li-na, Xiong Zuo-ting, et al.. Execution-aware fault localization based on the control flow analysis. Proceedings of the First international conference on Information computing and applications, Tangshan, China, October 2011:158-165.
    109.Jones J A., Bowring J, Harrold M J. Debugging in Parallel. Proc. of the 2007 International Symposium on Software Testing and Analysis, London, UK, July 2007: 16-26.
    11 O.Zheng A X, Jordan M I, Liblit B, Naik M, and Aiken A. Statistical Debugging: Simultaneous Isolation of Multiple Bugs. Proc. of the 23rd International Conference on Machine Learning, Pittsburgh, Pennsylvania, June 2006:26-29.
    111.柳永坡,吴际,金茂忠,等.基于贝叶斯统计推理的故障定位实验研究.计算机研究与发展,2010,47(4)：707-715.
    112.Aho A V, Peterson T G. A minimum-distance error-correcting parser for context-free languages. SIAM Journal of Computation,1972,1(4):305-312.
    113.Degano P, Priami C. Comparison of syntactic error handling in LR parsers. Software Practice and Experience,1995,25(6):657-679.
    114.Walcott K, Soffa M, Kapfhammer G, and Roos R. Time aware test suite prioritization. In Proceedings of the 2006 international symposium on Software testing and analysis, New York, USA,2006:1-12.
    115.Wappler S, Wegener J. Evolutionary unit testing of object-oriented software using strongly-typed genetic programming. In Proceedings of the 8th annual conference on Genetic and evolutionary computation (GECCO'06), New York, USA,2006:1925-1932.
    116.Barreto A, Barros M, Werner C. M. Staffing a software project:a constraint satisfaction and optimization based approach. Computers and Operations Research,2008,35(10): 3073-3089.
    117.Elmebdorf W R. Fault-Tolerance Programing Proceedings of the International Symposium on Fault-Tolerant Computing (FTCS-2), Newton, Massachusetts,1972: 79-83.
    118.Lala J H, Alger L S. Hardware and software fault tolerance:a unified architectural approach. Eighteenth International Symposium on Fault-Tolerant Computing, Tokyo, Japan 1988:240-245.
    119.Paul E A, John C K. Data Diversity:An Approach to Software Fault Tolerance. IEEE Transactions on Computers.1988,37(4):418-425.
    120.Kanoun K, Kaaniche M, Beounes C, Laprie J, Arlat J. Reliability growth of fault-tolerant software. IEEE Transactions on Reliability,1993,42(2):205-219.
    121.Manic M, Frincke D. Towards the fault tolerant software:fuzzy extension of crisp equivalence voters. The 27th Annual Conference of the IEEE Industrial Electronics Society, Denver, USA,2001:84-89.
    122.Miguel Castro, Rodrigo Rodrigues, and Barbara Liskov. BASE:Using abstraction to improve fault tolerance. ACM Transactions on Computer Systems,2003,21(3):236-269.
    123.Reis G A, Chang J, Vachharajani N, et al. SWIFT:software implemented fault tolerance. International Symposium on Code Generation and Optimization,2005:243-254.
    124.Horning J, Lauer H C, Melliar Smith P M. et al. A Program Structure for Error Detection and Recovery. Lecture Notes in ComputerScience,1974(16):177-193.
    125.RandellB. System Structure for Software FaultTolerance. IEEE Transon Software Engineering,1975,1(2):220-232.
    126.Michael E Locasto, Angelos Stavrou, and Grabriela F Cretu. Life after Self-Healing: Assessing Post-Repair Program Behavior. Tech Report GMU-CS-TR-2008-3. George Mason University Department of Computer Science,2008.
    127.王正志,薄涛.进化计算[M].国防科技大学出版社.2000.
    128.Dawson Engler, David Yu Chen, Seth Hallem, Andy Chou, and Benjamin Chelf. Bugs as deviant behavior:a general approach to inferring errors in systems code. In Proceedings of the eighteenth ACM symposium on Operating systems principles (SOSP '01), New York, USA.2001:57-72.
    129.Williams C C, Hollingsworth J K. Automatic mining of source code repositories to improve bug finding techniques. IEEE Transactions on Software Engineering.2005. 31(6):466-480.
    130.Alfred V A, Monica S L, Ravi S, et al. Compilers:Principles, Techniques and Tools. Second Edition. Boston, USA:Addison Wesley,2006:455-456.
    131.Xie Zaipeng, Sun Hongyu, Saluja K. A Survey of Software Fault Tolerance Techniques. http://www.pld.ttu.ee/IAF0030/Paper_4.pdf, May 22,2010.
    132.曹晋华,程侃.可靠性数学引论[M].北京：高等教育出版社,2006：213-218.
    133.Null HTTPd Remote Heap Overflow Vulnerability. http://www.Securityfocus.com/bid/ 5774/info, May 20,2010.
    134.夏耐,郭明松,茅兵等.基于简化控制流监控的程序入侵检测.电子学报,2007,35(2)：358-361.
    135.Yu Kai, Ling Mengxiang, G.ao Qin, et al.. Locating faults using multiple spectra-specific models. The 26th Symposium On Applied Computing, Taichung, March 2011: 1404-1410.
    136.K. G. Popstojanova. Architectural-Level Risk analysis using UML. IEEE Transactions on Software Engineering.2003,29(6):946-960.
    137.T. McCabe. A complexity measure. IEEE Transactions on Software Engineering.1976, 2(4):308-320.
    138.W. E. Wong, Yu Qi, K. Cooper. Source code-based software risk assessing. Proceedings of the 2005 ACM symposium on Applied computing,2005:1485-1490.
    139.Gillen A., Kusnetzky D., McLaron S. The Role of Linux in Reducing the Cost of Enterprise Computing. IDC white paper.2002.