Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

A Software Security Vulnerability Detection Method Based on Tree-structured Convolutional Neural Network

A convolutional neural network and neural network technology, applied in the field of code vulnerability prediction in software source code, can solve problems such as insignificant effect, unfavorable code extraction, and imperfect functions

Active Publication Date: 2021-04-13
BEIJING INSTITUTE OF TECHNOLOGYGY
View PDF4 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

This processing method has two major defects: (1) A significant difference between codes and human natural language is that the grammatical structure features of codes are more standardized and easier to capture than human language grammatical features, and the grammatical structure of codes also constitutes code feature information A majority
Obtaining only semantic information while ignoring the grammatical structure is a major defect, which is not conducive to extracting feature information of codes; (2) Although there are tools for automatically extracting semantic information of codes, their functions are not perfect, and these tools are relatively targeted. Difficulty dealing with different types of code
Researchers need to implement their own semantic analyzer to extract key information in the code, this research takes a lot of time, and the effect is not significant

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A Software Security Vulnerability Detection Method Based on Tree-structured Convolutional Neural Network
  • A Software Security Vulnerability Detection Method Based on Tree-structured Convolutional Neural Network
  • A Software Security Vulnerability Detection Method Based on Tree-structured Convolutional Neural Network

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0018] The present invention will be described in detail below with reference to the accompanying drawings and examples.

[0019] The models based on deep learning have achieved certain results, which also shows the powerful capabilities of deep learning in the field of vulnerability detection. However, the way they analyze and process source code ignores the structural features of the code itself, which is not conducive to obtaining all the features of the code. information. The present invention first proposes to apply the convolutional neural network based on the code syntax tree structure to the research of software vulnerability detection, obtain the syntax structure and semantic information of the code through the code syntax tree structure, preprocess the features through the neural network model, and obtain the syntax tree The vector feature representation of the node (the output of the embedding layer below), and then use the convolutional neural network as a code cla...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a software vulnerability detection method based on a tree-structured convolutional neural network, which analyzes the source code to obtain an abstract syntax tree AST structure, extracts the node types of each node in the AST structure; Process the model, whose input is the extracted node type, and the output is the predicted probability of the node type; use the node type to train the neural network; after the training is completed, the vector feature value output by the embedding layer is used as the input of the convolutional neural network model , using whether the source code has vulnerabilities as a label, train the convolutional neural network model as a code classifier; for the source code to be detected, extract the node type in its AST structure, retrain the neural network preprocessing model, and output the embedding layer The vector eigenvalues ​​are input into the convolutional neural network model to obtain the vulnerability detection results. The invention can better extract the characteristic information in the code, so as to provide comprehensive analysis results.

Description

technical field [0001] The invention relates to the technical field of code loophole prediction in software source codes, in particular to a software loophole detection method based on a tree-structured convolutional neural network. Background technique [0002] Hidden vulnerabilities in software provide an entry point for attackers, and these vulnerabilities are often caused by subtle errors left or mishandled by programmers when programming. The prevalence of open source software and code reuse has also contributed to the rapid spread of vulnerabilities. The vulnerability detection model can detect the loopholes in the software code. According to the detection results, the software developer can conduct a secondary review on those modules with a high probability of loopholes, and invest limited time and funds in a targeted manner for those modules that may have loopholes. In the testing of highly reliable software modules, the efficiency of software testing can be improve...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): G06F21/56G06F21/57G06K9/62G06N3/04
CPCG06F21/577G06F21/563G06N3/047G06N3/045G06F18/214
Inventor 危胜军魏文媛单纯胡昌振赵敬宾
Owner BEIJING INSTITUTE OF TECHNOLOGYGY
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products