Source code vulnerability detection based on multimodal feature fusion


Authors: 赵鹍 (ZHAO Kun); 何成万 (HE Cheng-wan) [1,2]; 叶庭瑞 (YE Ting-rui); 陈伟 (CHEN Wei) (School of Computer Science and Engineering, Wuhan Institute of Technology, Wuhan 430205, China; Hubei Provincial Key Laboratory of Intelligent Robot, Wuhan Institute of Technology, Wuhan 430205, China)

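Affiliations: [1] School of Computer Science and Engineering, Wuhan Institute of Technology, Wuhan, Hubei 430205; [2] Hubei Provincial Key Laboratory of Intelligent Robot, Wuhan Institute of Technology, Wuhan, Hubei 430205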

Source: Computer Engineering and Design (《计算机工程与设计》), 2024, Issue 11, pp. 3233-3239 (7 pages)

Funding: National Natural Science Foundation of China (61272115); 14th Graduate Education Innovation Fund of Wuhan Institute of Technology (CX2022327).

Abstract: To address the substantial loss of program features in existing static vulnerability detection methods, a source code vulnerability detection method based on multimodal feature fusion is proposed. The source code is standardized, and a program dependence graph is generated from its data dependence and control dependence relations. A bidirectional gated recurrent unit and a graph attention network extract the features of the standardized code and the program dependence graph, respectively. The features of the two modalities are then fused and sent to a classifier to perform vulnerability detection. Comparison experiments on the SARD dataset show that the proposed method can detect different types of vulnerabilities at the same time and that its overall detection performance is better than that of the other five methods: accuracy reaches 85.4% and the F1 score reaches 81.9%, and the false negative rate and false positive rate are further reduced, which verifies the effectiveness of the method.

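Keywords: deep learning; multimodal; feature fusion; vulnerability detection; program dependence graph; gated recurrent unit; graph attention network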

Classification number: TP391.4 [Automation and Computer Technology: Computer Application Technology]

 
