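Authors: CHENG Jingyun; WANG Buhong[1]; LUO Peng (College of Information and Navigation, Air Force Engineering University, Xi'an 710077, China)
Affiliation: [1] College of Information and Navigation, Air Force Engineering University, Xi'an 710077, Shaanxi, China
Source: Systems Engineering and Electronics, 2023, Issue 5, pp. 1535-1543 (9 pages)
Funding: Supported by the National Natural Science Foundation of China (60831001) and the National Defense Fund (9140A31010109HK0101).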
Abstract: To address the difficulty existing static analysis techniques have in detecting software security vulnerabilities in a timely and accurate manner, a static code vulnerability detection method based on graph representation and a multi-head graph attention network (MHGAT) is proposed. First, vulnerable code snippets are extracted from the system dependency graph of the source code by program slicing, an adjacency matrix describing the connections between statements is constructed from the system dependency graph, and a feature matrix for each code snippet is obtained with an embedding algorithm. Then, the adjacency matrices and feature matrices of multiple code snippets are concatenated in the form of disjoint graphs. Finally, multiple convolution-pooling basic blocks are used to obtain features of the code graph data at different levels, and a jumping knowledge network integrates the outputs of the basic blocks. Experimental results show that, compared with other vulnerability detection methods, the proposed method effectively improves the efficiency and effectiveness of vulnerability detection through improvements in data representation and algorithm.
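Keywords: vulnerability detection; program slicing; graph representation learning; graph attention network; multi-head self-attention
Classification number: TP393.08 [Automation and Computer Technology - Computer Application Technology]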