Software vulnerability intelligent detection and positioning method and system based on intermediate language

A technology of intelligent detection and localization method, applied in the field of vulnerability detection, can solve the problems of high false negative rate and false positive rate of vulnerability detection, inability to realize vulnerability localization, etc. Effect

Active Publication Date: 2019-09-10
HUAZHONG UNIV OF SCI & TECH +1
View PDF13 Cites 17 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] Aiming at the defects of the prior art, the purpose of the present invention is to solve the technical problem that the leak detection rate of the prior art is high and the false positive rate is high, and the positioning of the leak cannot be realized

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Software vulnerability intelligent detection and positioning method and system based on intermediate language
  • Software vulnerability intelligent detection and positioning method and system based on intermediate language
  • Software vulnerability intelligent detection and positioning method and system based on intermediate language

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0033] In order to make the objectives, technical solutions and advantages of the present invention clearer, the present invention will be further described in detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are only used to explain the present invention, but not to limit the present invention.

[0034] like figure 1 As shown, the present invention provides an intermediate language-based intelligent detection and location method for software vulnerabilities, the method comprising the following steps:

[0035] S1. respectively transform the training program source code and the target source code into an intermediate language program slice corresponding to each suspicious vulnerability element, and the intermediate language program slice contains a code that has a dependency relationship with the suspicious vulnerability element;

[0036] S2. If the intermediate language program sli...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a software vulnerability intelligent detection and positioning method and system based on an intermediate language, and belongs to the field of vulnerability detection. The method comprises the steps of converting a training program source code and a target source code into the intermediate language program slices, wherein the intermediate language program slices comprise the codes related to the suspicious vulnerability elements; if the intermediate language program slice corresponding to the training program source code contains the known vulnerability code, adding avulnerability tag to the intermediate language program slice and recording the position of the intermediate language program slice in the slice; if not, adding a vulnerability-free label to the targetobject; training a recurrent neural network based on the sample difference; and performing vulnerability intelligent detection and positioning on the intermediate language program slice correspondingto the target program source code by using the trained sample difference-based recurrent neural network. According to the present invention, the intermediate language slice is used as a unit of vulnerability detection, and the detection accuracy is improved. And only the data corresponding to the known vulnerability rows is selected from the output sequence of the recurrent neural network to participate in forward propagation, so that the trained model can identify the vulnerability rows.

Description

technical field [0001] The invention belongs to the field of vulnerability detection, and more particularly, relates to an intermediate language-based intelligent detection and positioning method and system for software vulnerabilities. Background technique [0002] Software vulnerabilities are the main culprit in network security, however, despite the use of various means to eliminate vulnerabilities, there are still a large number of vulnerabilities in the Common Vulnerabilities and Exposures (CVE) report. Detecting vulnerabilities and patching them in a timely manner is the key to eliminating vulnerabilities. Ideally, vulnerability detection tools should be able to have high accuracy, low false positives, and low false positives, and can accurately determine the location of vulnerabilities. Inspection tools are not able to achieve satisfactory results. Static vulnerability detection is widely used by code auditors to find potential vulnerabilities in software source code...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/57G06F21/56G06N3/04G06N3/08
CPCG06F21/577G06F21/562G06N3/08G06N3/044G06N3/045
Inventor 邹德清朱亚威李珍金海李道祥
Owner HUAZHONG UNIV OF SCI & TECH
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap