A Software Security Vulnerability Detection Method Based on Tree-structured Convolutional Neural Network

Convolutional neural network technology, applied to vulnerability prediction in software source code, addresses problems such as insignificant effect, poor extraction of code features, and imperfect tool functions.

Active Publication Date: 2021-04-13
BEIJING INSTITUTE OF TECHNOLOGY

AI Technical Summary

Problems solved by technology

This processing method has two major defects: (1) A significant difference between code and human natural language is that the grammatical structure of code is more standardized and easier to capture than that of human language, and the grammatical structure also constitutes the majority of code feature information. Obtaining only semantic information while ignoring the grammatical structure is a major defect, which is not conducive to extracting the feature information of code. (2) Although there are tools for automatically extracting the semantic information of code, their functions are not perfect, and these tools are relatively targeted and have difficulty dealing with different types of code. Researchers need to implement their own semantic analyzer to extract key information from the code; this takes a lot of time, and the effect is not significant.



Embodiment Construction

[0018] The present invention will be described in detail below with reference to the accompanying drawings and examples.

[0019] Models based on deep learning have achieved certain results, which also shows the powerful capabilities of deep learning in the field of vulnerability detection. However, the way they analyze and process source code ignores the structural features of the code itself, which is not conducive to obtaining all the feature information of the code. The present invention proposes, for the first time, to apply a convolutional neural network based on the code syntax tree structure to software vulnerability detection: obtain the syntactic structure and semantic information of the code through the code syntax tree structure, preprocess the features through the neural network model to obtain the vector feature representation of each syntax tree node (the output of the embedding layer below), and then use the convolutional neural network as a code cla...


Abstract

The invention discloses a software vulnerability detection method based on a tree-structured convolutional neural network. The method analyzes the source code to obtain an abstract syntax tree (AST) structure and extracts the node type of each node in the AST structure; builds a neural network preprocessing model whose input is the extracted node type and whose output is the predicted probability of the node type; and uses the node types to train this neural network. After the training is completed, the vector feature values output by the embedding layer are used as the input of the convolutional neural network model, and, using whether the source code has vulnerabilities as the label, the convolutional neural network model is trained as a code classifier. For the source code to be detected, the method extracts the node types in its AST structure, retrains the neural network preprocessing model, and inputs the vector feature values output by the embedding layer into the convolutional neural network model to obtain the vulnerability detection results. The invention can better extract the feature information in the code, so as to provide comprehensive analysis results.
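The first stage the abstract describes (parse source, take each AST node's type, map it to an id for an embedding layer) can be sketched as follows. This is an added illustration, not code from the patent; it assumes Python's standard `ast` module as the parser and Python as the analysed language, neither of which the page specifies, and all function names and sample snippets are hypothetical.

```python
import ast

# Constructed samples: CHECKED and RENAMED differ only in identifiers;
# UNCHECKED drops the bounds check before indexing.
CHECKED = "def read(buf, i):\n    if i < len(buf):\n        return buf[i]\n    return None\n"
RENAMED = "def get(data, pos):\n    if pos < len(data):\n        return data[pos]\n    return None\n"
UNCHECKED = "def read(buf, i):\n    return buf[i]\n"

def _preorder(node):
    """Yield AST nodes depth-first, parents before children."""
    yield node
    for child in ast.iter_child_nodes(node):
        yield from _preorder(child)

def node_types(source):
    """Node type name of every AST node; identifiers and literals are dropped."""
    return [type(n).__name__ for n in _preorder(ast.parse(source))]

def tree_windows(source):
    """(parent type, child types) for each inner node: the local tree
    neighbourhoods a tree-structured convolution would slide over."""
    out = []
    for n in _preorder(ast.parse(source)):
        kids = tuple(type(c).__name__ for c in ast.iter_child_nodes(n))
        if kids:
            out.append((type(n).__name__, kids))
    return out

def build_vocab(sources):
    """Map each node type seen in the training sources to an id; 0 = unknown."""
    vocab = {}
    for src in sources:
        for t in node_types(src):
            vocab.setdefault(t, len(vocab) + 1)
    return vocab

def encode(source, vocab):
    """Integer ids an embedding layer would take as input (assumed encoding)."""
    return [vocab.get(t, 0) for t in node_types(source)]

if __name__ == "__main__":
    vocab = build_vocab([CHECKED])
    # Renaming identifiers leaves the structural encoding unchanged.
    print(encode(RENAMED, vocab) == encode(CHECKED, vocab))
    # Windows present only in the bounds-checked version.
    print(set(tree_windows(CHECKED)) - set(tree_windows(UNCHECKED)))
```

The node-type view is insensitive to identifier choice but changes when a guard such as the bounds check is removed, which is the structural signal the page says purely semantic extraction ignores.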

Description

Technical field

[0001] The invention relates to the technical field of code vulnerability prediction in software source code, in particular to a software vulnerability detection method based on a tree-structured convolutional neural network.

Background technique

[0002] Hidden vulnerabilities in software provide an entry point for attackers, and these vulnerabilities are often caused by subtle errors left or mishandled by programmers when programming. The prevalence of open source software and code reuse has also contributed to the rapid spread of vulnerabilities. A vulnerability detection model can detect the vulnerabilities in software code. According to the detection results, the software developer can conduct a secondary review of those modules with a high probability of vulnerabilities, and invest limited time and funds in a targeted manner in those modules that may have vulnerabilities. In the testing of highly reliable software modules, the efficiency of software testing can be improve...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): G06F21/56, G06F21/57, G06K9/62, G06N3/04
CPC: G06F21/577, G06F21/563, G06N3/047, G06N3/045, G06F18/214
Inventor: 危胜军, 魏文媛, 单纯, 胡昌振, 赵敬宾
Owner: BEIJING INSTITUTE OF TECHNOLOGY