Software security vulnerability detection method based on tree structure convolutional neural network

Abstract

The invention discloses a software vulnerability detection method based on a tree structure convolutional neural network, and the method comprises the steps: analyzing a source code to obtain an abstract syntax tree AST structure, and extracting the node type of each node in the AST structure; constructing a neural network pre-processing model containing an embeding layer, inputting the neural network pre-processing model into an extracted node type, and outputting a prediction probability of the node type; performing neural network training by using the node type; after training is completed,enabling the vector characteristic values output by the embeding layer to serve as input of a convolutional neural network model, taking whether vulnerabilities exist in source codes or not as labels, and training the convolutional neural network model to serve as a code classifier; and for the source code to be detected, extracting the node type in the AST structure of the source code, retraining the neural network preprocessing model, and inputting the vector characteristic value output by the embeding layer into the convolutional neural network model to obtain a vulnerability detection result. According to the method, the feature information in the code can be better extracted, so that a comprehensive analysis result can be given.

Description

technical field [0001] The invention relates to the technical field of code loophole prediction in software source codes, in particular to a software loophole detection method based on a tree-structured convolutional neural network. Background technique [0002] Hidden vulnerabilities in software provide an entry point for attackers, and these vulnerabilities are often caused by subtle errors left or mishandled by programmers when programming. The prevalence of open source software and code reuse has also contributed to the rapid spread of vulnerabilities. The vulnerability detection model can detect the loopholes in the software code. According to the detection results, the software developer can conduct a secondary review on those modules with a high probability of loopholes, and invest limited time and funds in a targeted manner for those modules that may have loopholes. In the testing of highly reliable software modules, the efficiency of software testing can be improve...

AI Technical Summary

Problems solved by technology

This processing method has two major defects: (1) A significant difference between codes and human natural language is that the grammatical structure features of codes are more standardized and easier to capture than human language grammatical features, and the grammatical structure of codes also constitutes code feature information A majority

Obtaining only semantic information while ignoring the grammatical structure is a major defect, which is not conducive to extracting feature information of codes; (2) Although there are tools for automatically extracting semantic information of codes, their functions are not perfect, and these tools are relatively targeted. Difficulty dealing with different types of code

Researchers need to implement their own semantic analyzer to extract key information in the code, this research takes a lot of time, and the effect is not significant

Images