基于特征融合轻量图卷积网络的软件漏洞推荐算法  

作　　者：韩坚强 魏嘉银 卢友军 HAN Jianqiang;WEI Jiayin;LU Youjun(School of Data Science and Information Engineering,Guizhou Minzu University,Guiyang 550025,China)

机构地区：[1]贵州民族大学数据科学与信息工程学院,贵阳550025

出　　处：《湖北民族大学学报（自然科学版）》2024年第4期494-499,共6页Journal of Hubei Minzu University:Natural Science Edition

基　　金：贵州省科技计划项目(黔科合基础[2018]1082);贵州省教育厅自然科学研究项目(黔教技[2023]012);贵州民族大学基金科研项目(GZMUZK[2023]YB13)。

摘　　要：针对传统漏洞推荐算法未考虑漏洞之间的复杂转换关系和软件动态变化的特征,导致推荐效果较差的问题,提出了基于特征融合轻量图卷积网络的软件漏洞推荐算法(software vulnerability recommendation algorithm based on feature fusion lightweight graph convolutional networks,SVR-FFLGCN)。首先,构建软件与漏洞异构关系图,并融入漏洞相似性算法以降低邻居结点的噪声干扰;其次,使用轻量图卷积网络捕获漏洞之间的复杂转换关系,并将软件动态变化的局部特征和全局特征进行自适应融合,进而获得更全面的特征表示用于漏洞推荐。实验表明,当推荐漏洞数量为10、20个时,SVR-FFLGCN算法相比基准模型在命中率(hit rate,HR)指标上分别提升了11.39%、6.74%,在归一化累积折损增益(normalized discounted cumulative gain,NDCG)指标上分别提升了7.12%、4.80%。该研究在提升开发人员工作效率以及实施有效的防御措施上具有重要作用。Aiming at the problem that traditional vulnerability recommendation algorithms did not consider the complex transformation relationship between vulnerabilities and the dynamically changing features of software,which led to their poor recommendation effect,a software vulnerability recommendation algorithm based on feature fusion lightweight graph convolutional network(SVR-FFLGCN)was proposed.First,the heterogeneous relationship graph between software and vulnerabilities was constructed,and the vulnerability similarity algorithm was incorporated to reduce the noise interference from neighboring nodes.Second,a lightweight graph convolutional network was used to capture the complex transformation relationship between vulnerabilities,and the dynamically changing local and global features of the software were adaptively fused,so as to obtain a more comprehensive feature representation for vulnerability recommendation.The experiments showed that when the number of recommended vulnerabilities was 10 and 20,compared with the baseline model,the hit rate(HR)metrics improved by 11.39%and 6.74%respectively,and the normalized cumulative discount gain(NDCG)metrics improved by 7.12%and 4.80%respectively.This study is important in improving the efficiency of developers as well as implementing effective defense measures.

关 键 词：漏洞相似性 轻量图卷积网络 局部特征 全局特征 特征融合 漏洞推荐 

分 类 号：TP391[自动化与计算机技术—计算机应用技术]