loading page

Domain Knowledge-Based Analysis of Linux Vulnerability Characteristics and Evolution
  • +4
  • Xiaoxue Wu,
  • Shiyu Weng,
  • Xiaobin Sun,
  • Wei Zheng,
  • Lili Bo,
  • Wenjing Shan,
  • Chen Yao
Xiaoxue Wu
Yangzhou University Department of Electronic Information Engineering
Author Profile
Shiyu Weng
Yangzhou University Department of Electronic Information Engineering
Author Profile
Xiaobin Sun
Yangzhou University Department of Electronic Information Engineering

Corresponding Author:[email protected]

Author Profile
Wei Zheng
Northwestern Polytechnical University School of Software and Microelectronics
Author Profile
Lili Bo
Yangzhou University Department of Electronic Information Engineering
Author Profile
Wenjing Shan
Yangzhou University Department of Electronic Information Engineering
Author Profile
Chen Yao
Yangzhou University Department of Electronic Information Engineering
Author Profile

Abstract

An operating system is the essence of software, serving as the foundation for the operation of various application software. The security of the operating system is crucial for the national informatization construction. Data indicates that many cybersecurity incidents result from exploiting security vulnerabilities in the operating system. Linux is currently the most widely used open-source operating system, with thousands of Common Vulnerabilities and Exposures (CVE) related to Linux system reported each year. Therefore, research and prevention of vulnerabilities in the Linux system are particularly important. To gain a better understanding of the characteristics of Linux system vulnerabilities, this paper leverages knowledge in the field of software security to analyze nearly 10,000 historical vulnerability data in two core systems of Linux: Linux Kernel and Debian Linux. The study explores the evolutionary patterns of vulnerability characteristics. Specific research contents include: (1) Data collection and cleaning of vulnerability data in Linux Kernel and Debian Linux systems; (2) Cross-statistical analysis of structured data features in vulnerability reports; (3) Unstructured data feature mining in vulnerability reports based on domain knowledge; (4) Analysis of the evolution of vulnerability characteristics. This paper provides empirical lessons and guidance for Linux system vulnerabilities to assist practitioners and researchers in better preventing and detecting vulnerabilities in Linux and Linux-based systems.