Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Fine-grained source code vulnerability detection method based on graph neural network

A vulnerability detection and neural network technology, applied in the field of network security, can solve the problems of source code lack of intermediate representation, relying on domain expert knowledge, and large detection granularity, so as to achieve the effects of improving efficiency, high automation, and saving costs

Active Publication Date: 2020-06-09
SUN YAT SEN UNIV
View PDF3 Cites 21 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] In view of the above-mentioned defects of the prior art, the technical problem to be solved by the present invention is to provide a fine-grained source code vulnerability detection method based on a graph neural network, using a code attribute graph as an intermediate representation of source code, and using a graph attention network to learn The vector representation of the sentence, finally combined with the deep neural network to realize the fine-grained vulnerability detection at the sentence level, solves the problems of the existing vulnerability detection methods, such as high false negative rate, heavy reliance on domain expert knowledge, excessive detection granularity, and lack of suitable intermediate representation in the source code

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Fine-grained source code vulnerability detection method based on graph neural network
  • Fine-grained source code vulnerability detection method based on graph neural network
  • Fine-grained source code vulnerability detection method based on graph neural network

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0032] In order to better illustrate the fine-grained source code vulnerability detection method proposed in the present invention, and to facilitate those skilled in the art to implement the present invention, the implementation process of the method is described in detail below through specific implementation examples and accompanying drawings. It should be understood that the implementation examples described here are only used to explain the present invention, but not limit the present invention

[0033] The prerequisite for the implementation of the present invention is that there is an available large-scale vulnerability database. At the same time, the type of vulnerability and the location of the vulnerability in the source code can be clearly known from the vulnerability database. The source code of the same programming language as the dataset. figure 1 It is the overall frame diagram of the proposed vulnerability detection method, which is mainly divided into feature ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a fine-grained source code vulnerability detection method based on a graph neural network, which comprises the following steps: A, for all source codes of software, extractinga code attribute graph of a function in the source codes, and performing vectorization representation on the code attribute graph, the vectorization representation comprising vectorization representation of node attributes and graph structures; B, extracting code features by using a graph attention network, and processing all statements to obtain a final data set; and C, training a vulnerability detection model, and determining a final model through the effect on the test set. The source code vulnerability detection method provided by the invention has the advantages that the automation degreeis higher; dependence on domain expert knowledge is reduced, code auditing cost is greatly saved, code auditing efficiency is improved, grammar and semantic information in source codes are better reserved, meanwhile, vectorized representation of statements can be learned purposefully through a graph attention network, and vulnerability detection of a finer-grained statement level is achieved.

Description

technical field [0001] The invention relates to the technical field of network security, in particular to a fine-grained source code vulnerability detection method based on a graph neural network. Background technique [0002] As an indispensable part of the information society, software is playing an increasingly important role. It is not only inseparable from personal daily life but also closely related to the development of society. However, software is a double-edged sword. While it provides convenient services for individuals and society, potential loopholes in software may also cause great losses to individuals and society. Vulnerabilities in software are often inevitable. On the one hand, it is difficult to avoid problems in the process of software design, development, and deployment. On the other hand, due to commercial benefits, the software development cycle cannot be too long, which further increases the There is a risk of software vulnerabilities. In order to r...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): G06F21/56G06F21/57G06N3/04G06N3/08
CPCG06F21/563G06F21/577G06N3/08G06N3/045
Inventor 金舒原吴跃隆
Owner SUN YAT SEN UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products