检索规则说明:AND代表“并且”;OR代表“或者”;NOT代表“不包含”;(注意必须大写,运算符两边需空一格)
检 索 范 例 :范例一: (K=图书馆学 OR K=情报学) AND A=范并思 范例二:J=计算机应用与软件 AND (U=C++ OR U=Basic) NOT M=Visual
名 称:
注 释:
作 者:胡建伟 赵伟[1] 崔艳鹏 崔俊洁 HU Jianwei;ZHAO Wei;CUI Yanpeng;CUI Junjie(School of Network and Information Security,Xidian University,Xi’an 710071,China;Network Behavior Research Center,Xidian University,Xi’an 710071,China)
机构地区:[1]西安电子科技大学网络与信息安全学院,陕西西安710071 [2]西安电子科技大学网络行为研究中心,陕西西安710071
出 处:《西安电子科技大学学报》2020年第6期164-173,共10页Journal of Xidian University
摘 要:针对传统的动静态PHP漏洞挖掘技术效率低、误报率高、漏洞匹配规则过于单一且不具有泛化性的问题,以及现有的以token序列、软件度量等作为特征的神经网络模型不能很好地理解代码语义的问题,提出了一种基于ASTNN深度神经网络的PHP漏洞挖掘方法。首先,根据表达式子树的概念及PHP抽象语法树的特点定义了表达式子树划分规则;其次,根据PHP抽象语法树的特殊结构对传统ASTNN深度神经网络的编码层进行了改进,在提高模型效率的同时更好地保留了抽象语法树所包含的语义信息。最终实验结果表明,基于改进后ASTNN网络的PHP漏洞挖掘方法相对于传统的漏洞挖掘方法具有更高的准确率及召回率。改进后的ASTNN深度神经网络模型适用于PHP语言漏洞挖掘领域。In order to solve the problems of low efficiency and high false positives of the traditional PHP vulnerability mining technology,a deep neural network mining method based on the ASTNN is proposed.At the same time,this method is also used to solve the problem of high false positives of the existing neural network model with the token sequence and software metrics as features.First,according to the characteristics of the PHP abstract syntax tree,the rules for dividing statement trees are defined.Second,according to the special structure of the PHP abstract syntax tree,improvements are made to the encoding layer of the traditional ASTNN deep neural network to better preserve the semantic information contained in the abstract syntax tree.Experimental results show that the PHP vulnerability mining method based on the improved ASTNN model has a higher accuracy and recall rate than the traditional method.The improved ASTNN deep neural network model is suitable for PHP vulnerability mining.
分 类 号:TP311.5[自动化与计算机技术—计算机软件与理论]
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在链接到云南高校图书馆文献保障联盟下载...
云南高校图书馆联盟文献共享服务平台 版权所有©
您的IP:3.21.113.219