基于小样本学习的源码漏洞检测  

作　　者：陈洪森 方勇 郝城凌 杨运涛 张棋 Chen Hongsen;Fang Yong;Hao Chengling;Yang Yuntao;Zhang Qi(School of Cyber Science and Engineering,Sichuan University,Chengdu 610207;Chengdu Internet Information Center,Chengdu 610041)

机构地区：[1]四川大学网络空间安全学院,成都610207 [2]成都市互联网信息中心,成都610041

出　　处：《信息安全研究》2024年第5期440-445,共6页Journal of Information Security Research

摘　　要：源码漏洞检测是发现及定位关键系统威胁的重要手段.目前,将深度学习技术应用于源码漏洞检测已经成为研究热点.然而,由于源码漏洞样本缺失,有限的数据条件资源导致现有的源码漏洞检测方法在小样本场景下效果不佳.提出了一种基于小样本学习的源码漏洞检测方法,其目标在于为有限样本量的源码漏洞检测场景提供解决方案.该方法由4个关键部分组成:源码切片和编码、基于元学习的数据集处理、基于动态路由算法的漏洞类向量生成和基于神经张量网络的漏洞类向量匹配.该方法和卷积神经网络、原型网络、关系网络进行了对比,实验结果表明,该方法在准确率方面优于其他的方法,可以有效应对源码漏洞样本稀疏问题.在2-way 5-shot和2-way 10-shot的情况下,该方法分别达到93.92%和95.08%的准确率.Source code vulnerability detection is an important means to discover and localize threats to critical systems.At present,the application of deep learning techniques to source generation vulnerability detection has become a research hotspot.However,due to the lack of source code vulnerability samples,limited data condition resources lead to the poor effect of existing source code vulnerability detection methods in small sample scenarios.In this paper,we propose a source code vulnerability detection method based on few-shot learning,which aims to provide a solution for source code vulnerability detection scenarios with limited sample size.The method in this paper consists of four key components:source code slicing and encoding,meta-learning based dataset processing,vulnerability class vector generation based on dynamic routing algorithms,and vulnerability class vector matching based on neural tensor networks.This paper’s method is compared with convolutional neural network,prototype network,and relational network,and the experimental results show that this paper’s method outperforms the others in terms of accuracy,and can effectively cope with the problem of sparse vulnerability samples in source code.In the case of 2-way 5-shot and 2-way 10-shot,this paper’s method achieves 93.92%and 95.08%accuracy,respectively.

关 键 词：小样本学习 漏洞检测 归纳网络 代码切片 元学习 

分 类 号：TP183[自动化与计算机技术—控制理论与控制工程]