| 基于深度聚类的开源软件漏洞检测方法 |
| |
| 引用本文: | 李元诚,黄戎,来风刚,毛一凡,蔡力军.基于深度聚类的开源软件漏洞检测方法[J].计算机应用研究,2020,37(4):1107-1110,1114. |
| |
| 作者姓名: | 李元诚 黄戎 来风刚 毛一凡 蔡力军 |
| |
| 作者单位: | 华北电力大学 控制与计算机工程学院,北京 102206;国家电网公司信息通信分公司,北京 100761;国网福建省电力有限公司信息通信分公司,福州350003 |
| |
| 基金项目: | 国家电网公司总部科技项目 |
| |
| 摘 要: | 针对开源软件漏洞,提出一种基于深度聚类算法的软件源代码漏洞检测方法。该方法利用代码图模型构造开源软件代码属性图,遍历得到关键代码节点并提取出应用程序编程接口(API)序列,将其嵌入向量空间,以关键代码为中心进行聚类,根据聚类结果计算每个函数的异常值,生成检测报告并匹配漏洞库,从而检测出源代码中的漏洞。实验结果表明,该方法能够定位开源软件中漏洞所在的关键代码段并检测出相应漏洞。
|
| 关 键 词: | 开源软件 漏洞检测 源代码分析 深度学习 聚类 |
| 收稿时间: | 2018/9/6 0:00:00 |
| 修稿时间: | 2020/3/2 0:00:00 |
Open source software vulnerability detection method based on deep clustering |
| |
| Li Yuancheng,Huang Rong,Lai Fenggang,Mao Yifan and Cai Lijun.Open source software vulnerability detection method based on deep clustering[J].Application Research of Computers,2020,37(4):1107-1110,1114. |
| |
| Authors: | Li Yuancheng Huang Rong Lai Fenggang Mao Yifan and Cai Lijun |
| |
| Affiliation: | School of Control and Computer Engineering,North China Electric Power University,,,, |
| |
| Abstract: | Aiming at the open source software vulnerability, this paper proposed a software source code vulnerability detection method based on deep clustering algorithm. This method used code graph model to construct the code attribute map and traversed the key code nodes to extract the application programming interfaces(API) sequence, then took the key sequence as the center to cluster and calculated the outliers of the function in each clustering to generate a test report, matched the vulnerability library to detect vulnerabilities in the source code. The experimental results show that the proposed method can locate the key code segments of the vulnerability in open source software and detect the vulnerability. |
| |
| Keywords: | open source software vulnerability detection source code analysis deep learning clustering |
| 本文献已被 万方数据 等数据库收录! |
| 点击此处可从《计算机应用研究》浏览原始摘要信息 |
|
点击此处可从《计算机应用研究》下载全文 |
|
