| 基于结构化文本及代码度量的漏洞检测方法 |
| |
| 引用本文: | 杨宏宇,应乐意,张良.基于结构化文本及代码度量的漏洞检测方法[J].湖南大学学报(自然科学版),2022,49(4):58-68. |
| |
| 作者姓名: | 杨宏宇 应乐意 张良 |
| |
| 作者单位: | 中国民航大学安全科学与工程学院,天津 300300;中国民航大学计算机科学与技术学院,天津 300300,中国民航大学计算机科学与技术学院,天津 300300,亚利桑那大学信息学院,图森美国 AZ 85721 |
| |
| 摘 要: | 目前的源代码漏洞检测方法大多仅依靠单一特征进行检测,表征的维度单一导致方法效率低.针对上述问题提出一种基于结构化文本及代码度量的漏洞检测方法,在函数级粒度进行漏洞检测.利用源代码结构化文本信息及代码度量结果作为特征,通过构造基于自注意力机制的神经网络捕获结构化文本信息中的长期依赖关系,以拟合结构化文本和漏洞存在之间的联系并转化为漏洞存在的概率.采用深度神经网络对代码度量的结果进行特征学习以拟合代码度量值与漏洞存在的关系,并将其拟合的结果转化为漏洞存在的概率.采用支持向量机对由上述两种表征方式获得的漏洞存在概率做进一步的决策分类并获得漏洞检测的最终结果.为验证该方法的漏洞检测性能,针对存在不同类型漏洞的11种源代码样本进行漏洞检测实验,该方法对每种漏洞的平均检测准确率为97.96%,与现有基于单一表征的漏洞检测方法相比,该方法的检测准确率提高了4.89%~12.21%,同时,该方法的漏报率和误报率均保持在10%以内.
|
| 关 键 词: | 漏洞检测 结构化表征 抽象语法树 代码度量 深度神经网络 |
Vulnerability Detection Method Based on Structured Text and Code Metrics |
| |
| YANG Hongyu,YING Leyi,ZHANG Liang.Vulnerability Detection Method Based on Structured Text and Code Metrics[J].Journal of Hunan University(Naturnal Science),2022,49(4):58-68. |
| |
| Authors: | YANG Hongyu YING Leyi ZHANG Liang |
| |
| Abstract: | Most of the current source code vulnerability detection methods only rely on a single feature, and the single dimension of characterization results in inefficient methods. To address the above issues, a vulnerability detection method based on structured text and code metrics is proposed to detect vulnerabilities at the function-level granularity. Using source code structured text information and code metrics as features, long-term dependencies in structured text information are captured by constructing a self-attention based neural network to fit the relationship between structured text and the existence of vulnerabilities and translate them into the probability of vulnerabilities. The deep neural network is used to learn the characteristics of the results of code metrics to fit the relationship between code metrics and the existence of vulnerabilities, and the fitted results are transformed into the probability of vulnerabilities. Support Vector Machine (SVM) is used to further classify the probabilities of vulnerabilities obtained by the above two representations and obtain the final results of vulnerability detection. To verify the vulnerability detection performance of this method, 11 source code samples with different types of vulnerabilities are tested. The average detection accuracy of this method for each vulnerability is 97.96%. Compared with the existing vulnerability detection methods based on a single representation, this method improves the detection accuracy by 4.89%~12.21%, and at the same time. the false positive and false negative rates of this method are kept within 10%. |
| |
| Keywords: | |
| 本文献已被 万方数据 等数据库收录! |
| 点击此处可从《湖南大学学报(自然科学版)》浏览原始摘要信息 |
|
点击此处可从《湖南大学学报(自然科学版)》下载全文 |
