基于漏洞异构图的图卷积网络漏洞检测方法  

Graph Convolution Network Vulnerability Detection Method Based on Vulnerability Heterogeneous Graph

在线阅读下载全文

作  者:陈梓豪 金大海[1] 宫云战[1] CHEN Zihao;JIN Dahai;GONG Yunzhan(State Key Laboratory of Networking and Switching Technology,Beijing University of Posts and Telecommunication,Beijing 100876,China)

机构地区:[1]北京邮电大学网络与交换技术全国重点实验室,北京100876

出  处:《小型微型计算机系统》2025年第3期697-703,共7页Journal of Chinese Computer Systems

基  金:省部级基金项目(GCIS202103)资助.

摘  要:漏洞检测是软件安全领域重要的研究问题.软件漏洞的迅速发现和修补可以最大程度降低损失.相比静态检测方法,基于深度学习的漏洞检测方法学习漏洞隐含特征,提高检测能力.但目前利用图神经网络的相关研究将代码生成的图视为同构图,图中的控制和数据依赖关系被视为相同类型边,模型无法通过感知不同的边关系提取隐藏特征.本文利用已有漏洞位置和代码的控制依赖和数据依赖构建漏洞异构图,提出多层异构图漏洞检测模型.实验结果显示,本文方法相较于已有的漏洞检测工具模型准确率提高最多39%,其余指标均有明显提升,表明本文方法能够有效提升漏洞识别能力.Vulnerability detection is an important research issue in the field of software security.Rapid discovery and patching of software vulnerabilities can minimize losses.Compared with static detection methods,vulnerability detection methods based on deep learning learn the hidden characteristics of vulnerabilities and improve detection capabilities.However,current related research using graph neural networks regards the graph generated by the code as an isomorphic graph.The control and data dependencies in the graph are regarded as the same type of edges.The model cannot extract hidden features by perceiving different edge relationships.This paper uses the control dependencies and data dependencies of existing vulnerability locations and codes to construct a vulnerability heterogeneous graph and proposes a multi-layer heterogeneous graph vulnerability detection model.Experimental results show that compared with the existing vulnerability detection tools and models,the accuracy of the proposed method is up to 39%higher,and other indicators have been significantly improved,indicating that this method can effectively improve vulnerability identification capabilities.

关 键 词:漏洞检测 图神经网络 异构图 深度学习 

分 类 号:TP311[自动化与计算机技术—计算机软件与理论]

 

参考文献:

正在载入数据...

 

二级参考文献:

正在载入数据...

 

耦合文献:

正在载入数据...

 

引证文献:

正在载入数据...

 

二级引证文献:

正在载入数据...

 

同被引文献:

正在载入数据...

 

相关期刊文献:

正在载入数据...

相关的主题
相关的作者对象
相关的机构对象