Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Source code vulnerability detection method, detector and training method and system thereof

A training method and source code technology, which are applied in the field of source code vulnerability detection methods and detectors and their training methods and systems, can solve the problems of large manual participation, coarse granularity, and few types of vulnerabilities, and achieve enhanced learning ability and data expansion. Set and train accurate results

Active Publication Date: 2019-09-17
HUAZHONG UNIV OF SCI & TECH +1
View PDF5 Cites 33 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0007] Aiming at the defects of the prior art, the purpose of the present invention is to solve the technical problems of the existing vulnerability detection technology, such as large manual participation, coarse granularity, and few types of vulnerabilities involved.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Source code vulnerability detection method, detector and training method and system thereof
  • Source code vulnerability detection method, detector and training method and system thereof
  • Source code vulnerability detection method, detector and training method and system thereof

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0043] In order to make the object, technical solution and advantages of the present invention clearer, the present invention will be further described in detail below in conjunction with the accompanying drawings and embodiments. It should be understood that the specific embodiments described here are only used to explain the present invention, not to limit the present invention. In addition, the technical features involved in the various embodiments of the present invention described below can be combined with each other as long as they do not constitute a conflict with each other.

[0044] figure 1 The flow chart of the training method of the source code vulnerability detector provided by the present invention, as figure 1 shown, including:

[0045] S101, generate an abstract syntax tree based on each function in the source code, traverse all the abstract syntax trees, collect code elements that can match the syntax characteristics of the same vulnerability, call the code...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a source code vulnerability detection method, a detector and a training method and system thereof. The method comprises the steps of generating an abstract syntax tree based on each function in a source code, traversing all the abstract syntax trees, searching the code elements capable of being matched with the same vulnerability syntax feature, calling the code elements as the candidate vulnerability elements, and determining all the candidate vulnerability elements; based on a program slicing technology, identifying the code statements in semantic association with each candidate vulnerability element in the source code to determin the corresponding candidate vulnerability code segments, and adding the vulnerability labels to the candidate vulnerability code segments; and inputting the vector data corresponding to each candidate vulnerability code segment into a neural network model, and training the neural network model based on the label of each candidate vulnerability code segment to obtain a vulnerability detector. Based on the deep neural network, the vulnerability syntax features are extracted through a universal framework, the method is not limited to the vulnerability types and is high in expandability.

Description

technical field [0001] The present invention relates to the field of loophole detection, and more specifically, to a source code loophole detection method, a detector, and a training method and system thereof. Background technique [0002] At present, most of the security problems come from unreasonable compilation of source codes. Although developers' code security awareness is improving, security problems in software are still becoming more and more prominent. According to the report of the National Vulnerability Database (NVD) in the United States, more than 13,400 vulnerabilities were recorded globally in 2017, more than twice the number of vulnerability records in 2016, and this number is still rising. Therefore, vulnerability is a problem that cannot be underestimated in software systems, and the solution to this problem is to use effective vulnerability detection technology to discover and repair vulnerabilities. [0003] Static vulnerability detection based on sourc...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): G06F21/57G06K9/62G06N3/04
CPCG06F21/57G06N3/04G06F18/24G06F18/214
Inventor 邹德清陈肇炫李珍金海
Owner HUAZHONG UNIV OF SCI & TECH
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com