Code vulnerability static detection method based on graph representation and MHGAT

Authors
Cheng J. [1 ]
Wang B. [1 ]
Luo P. [1 ]
Affiliation
[1] College of Information and Navigation, Air Force Engineering University, Xi'an
Keywords
graph attention network; graph representation learning; multi-head self-attention; program slicing; vulnerability detection
DOI
10.12305/j.issn.1001-506X.2023.05.31
Abstract
To address the difficulty existing static analysis techniques have in detecting software security vulnerabilities promptly and accurately, a static code vulnerability detection method based on graph representation and a multi-head graph attention network (MHGAT) is proposed. First, vulnerability code snippets are extracted from the system dependency graph of the source code by program slicing, an adjacency matrix of the connection relations between statements is constructed from the system dependency graph, and a feature matrix of each code snippet is obtained by an embedding algorithm. Then, the adjacency matrices and feature matrices of multiple code snippets are spliced together in the form of a disjoint graph. Finally, multiple convolution-pooling basic blocks are used to obtain the characteristics of the code graph data at different levels, and the output of each basic block is integrated by a jumping knowledge network. Experimental results show that, compared with other vulnerability detection methods, the proposed method can effectively improve the efficiency and effectiveness of vulnerability detection through its improvements to the data representation form and the algorithm. © 2023 Chinese Institute of Electronics. All rights reserved.
Pages: 1535-1543
Number of pages: 8