Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

A fine-grained source code vulnerability detection method based on graph neural network

A vulnerability detection and neural network technology, applied in the field of network security, can solve the problems of lack of intermediate representation in source code, dependence on domain expert knowledge, large detection granularity, etc., to achieve the effect of improving efficiency, reducing dependence, and saving costs

Active Publication Date: 2022-08-05
SUN YAT SEN UNIV
View PDF3 Cites 1 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] In view of the above-mentioned defects of the prior art, the technical problem to be solved by the present invention is to provide a fine-grained source code vulnerability detection method based on a graph neural network, using a code attribute graph as an intermediate representation of source code, and using a graph attention network to learn The vector representation of the sentence, finally combined with the deep neural network to realize the fine-grained vulnerability detection at the sentence level, solves the problems of the existing vulnerability detection methods, such as high false negative rate, heavy reliance on domain expert knowledge, excessive detection granularity, and lack of suitable intermediate representation in the source code

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A fine-grained source code vulnerability detection method based on graph neural network
  • A fine-grained source code vulnerability detection method based on graph neural network
  • A fine-grained source code vulnerability detection method based on graph neural network

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0032] In order to better illustrate the fine-grained source code vulnerability detection method proposed by the present invention and facilitate those skilled in the art to implement the present invention, the implementation process of the method is described in detail below through specific implementation examples and accompanying drawings. It should be understood that the embodiments described herein are only used to explain the present invention, but not limit the present invention

[0033] The prerequisite for the implementation of the present invention is that there is an available large-scale vulnerability database, and the type of vulnerability and the location of the vulnerability in the source code can be clearly known from the vulnerability database. The source code of the same programming language as the dataset. figure 1 This is the overall framework of the proposed vulnerability detection method, which is mainly divided into a feature extraction module and a mode...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a fine-grained source code vulnerability detection method based on a graph neural network, including the following: A. For all source codes of a software, extract the code attribute graph of the function in the source code, and perform vectorized representation of the code attribute graph , the vectorized representation includes the vectorized representation of node attributes and graph structure; B, uses the graph attention network to extract code features, and processes all sentences to obtain the final data set; C, trains the vulnerability detection model, and passes the effect on the test set Determine the final model. The source code vulnerability detection method provided by the invention has a higher degree of automation, reduces the dependence on domain expert knowledge, greatly saves the cost of code auditing, improves the efficiency of code auditing, and better retains the syntax and semantic information in the source code. , while using the graph attention network can more purposefully learn the vectorized representation of sentences and achieve more fine-grained sentence-level vulnerability detection.

Description

technical field [0001] The invention relates to the technical field of network security, in particular to a fine-grained source code vulnerability detection method based on a graph neural network. Background technique [0002] As an indispensable part of the information society, software is playing an increasingly important role. It is not only inseparable from the daily life of individuals, but also closely related to the development of society. However, software is a double-edged sword. While it provides convenient services for individuals and society, potential loopholes in software may also cause great losses to individuals and society. Vulnerabilities in software are often unavoidable. On the one hand, it is difficult to avoid problems in the process of software design, development, and deployment. On the other hand, due to commercial benefits, the software development cycle cannot be too long, which further increases. The software is at risk of vulnerabilities. In or...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): G06F21/56G06F21/57G06N3/04G06N3/08
CPCG06F21/563G06F21/577G06N3/08G06N3/045
Inventor 金舒原吴跃隆
Owner SUN YAT SEN UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products