TANG Wei, HUANG Yongzhong. Knowledge base-oriented open source software vulnerability propagation path search[J]. Journal of Guilin University of Electronic Technology, 2025, 45(2): 137-143. DOI: 10.16725/j.1673-808X.2022312

Knowledge base-oriented open source software vulnerability propagation path search

  • Software packages in a Linux system have a large number of dependencies on one another. When a software package has a vulnerability, the scope of the vulnerability cascades and expands along the dependency chain. To address vulnerability propagation on the dependency chain, a knowledge base-oriented open source software propagation path search algorithm was proposed. Vulnerability and software package information was represented as nodes, the relationships between vulnerabilities and software packages and between packages and packages were represented as connections, and the degree of dependency of software packages was represented as weights, so as to construct a vulnerability-software map. An improved full-path search algorithm was applied on this map. Finally, the concept of propagation truncation was proposed. Based on the cost of the entire propagation chain, a search algorithm for key nodes in the propagation chain was proposed, and the optimal solution for truncation of vulnerability propagation was given.
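The pipeline the abstract outlines (weighted vulnerability-software graph, full-path search, key-node search for truncation), sketched as an added example that is not the authors' algorithm. The package names, weights, the product-of-weights path cost and the ranking by summed cost through a node are all assumptions, since the paper's improved search and cost definition are not given on this page.

```python
# Added illustration: names, weights and the cost function are constructed.
from collections import defaultdict

# Edge (a, b, w): b depends on a with dependency degree w in (0, 1],
# so a flaw in a can propagate to b. All node names are hypothetical.
EDGES = [
    ("CVE-PLACEHOLDER", "libfoo", 1.0),
    ("libfoo", "httpclient", 0.9),
    ("libfoo", "interp", 0.6),
    ("httpclient", "vcs", 0.8),
    ("httpclient", "buildtool", 0.5),
    ("interp", "orchestrator", 0.7),
    ("vcs", "orchestrator", 0.2),
]

def build_graph(edges):
    """Adjacency list keyed by the node the vulnerability propagates from."""
    graph = defaultdict(list)
    for src, dst, w in edges:
        graph[src].append((dst, w))
    return graph

def all_paths(graph, source):
    """Enumerate every simple propagation path from source with its cost.

    Cost is the product of edge weights along the path (an assumption)."""
    results = []
    def dfs(node, path, cost):
        for nxt, w in graph.get(node, []):
            if nxt in path:  # dependency cycle: do not revisit
                continue
            results.append((path + [nxt], cost * w))
            dfs(nxt, path + [nxt], cost * w)
    dfs(source, [source], 1.0)
    return results

def key_node(graph, source, protected=()):
    """Return (node, cost) for the node whose removal truncates the most
    propagation cost, skipping nodes that cannot be removed or patched."""
    saved = defaultdict(float)
    for path, cost in all_paths(graph, source):
        for node in path[1:]:
            if node not in protected:
                saved[node] += cost
    return max(saved.items(), key=lambda kv: kv[1]) if saved else None
```

With `libfoo` marked as protected (it cannot be patched yet), `key_node` picks the downstream package that carries the largest share of the remaining propagation cost.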
