Graph neural network-based vulnerability identification and prediction method and system, computer equipment and storage medium

A neural network and prediction method technology, applied in the field of software engineering, can solve problems such as no identification and prediction model proposed

Active Publication Date: 2020-06-12
YANGZHOU UNIV
View PDF7 Cites 26 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

There are also some works that analyze vulnerable code at a finer granularity (function level) by introducing graphs into code representations, such as the document "Vulnerabilityextrapolation: assisted discovery of vulnerabilities using machine learning" by integrating abstract syntax trees, control flow graphs, and program dependencies. Graphs form code property graphs to represent source codes, but do not propose a complete recognition prediction model

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Graph neural network-based vulnerability identification and prediction method and system, computer equipment and storage medium
  • Graph neural network-based vulnerability identification and prediction method and system, computer equipment and storage medium
  • Graph neural network-based vulnerability identification and prediction method and system, computer equipment and storage medium

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0075] In order to make the purpose, technical solution and advantages of the present application clearer, the present application will be further described in detail below in conjunction with the accompanying drawings and embodiments. It should be understood that the specific embodiments described here are only used to explain the present application, and are not intended to limit the present application.

[0076] In one embodiment, combined with figure 1 , the present invention proposes a method for identifying and predicting vulnerabilities based on a graph neural network, comprising the following steps:

[0077] Step 1, construct a vulnerability data set;

[0078] Step 2, divide the vulnerability data set into training set and test set;

[0079] Step 3, the vulnerability file code diagram representation;

[0080] Step 4, vulnerability feature extraction;

[0081] Step 5, construct a predictor, and use the predictor to predict the vulnerabilities in the code file.

[0...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a graph neural network-based vulnerability identification and prediction method and system, computer equipment and a storage medium. The method comprises the following steps: constructing a vulnerability data set; dividing the vulnerability data set into a training set and a test set; expressing a vulnerability file code graph; vulnerability feature extraction; and constructing a predictor, and predicting vulnerabilities in the code file by utilizing the predictor. The system is used for realizing the process of the method, and the computer equipment and the storage medium can realize the process of the method by executing computer programs. According to the method, the grammar and semantic information of the vulnerability codes can be better utilized, the relationship between the vulnerability codes and the context is fully mined, one type of vulnerability is effectively identified, the universality and universality are higher, the link of manually formulatingvulnerability indexes in actual code auditing can be replaced, the actual use cost is lower, the application field is wider, and the precision is higher.

Description

technical field [0001] The invention belongs to the field of software engineering, and in particular relates to a method, system, computer equipment and storage medium for identifying and predicting vulnerabilities based on a graph neural network. Background technique [0002] Vulnerability identification and prediction is an important part of the software maintenance process. In recent years, with the expansion of the scale and complexity of software projects, a large number of vulnerabilities have appeared in the software development process. How to identify and predict vulnerabilities accurately and efficiently has become a very challenging task. In the previous work, the characteristics or patterns manually formulated by human experts were used as input by machine learning algorithms to detect vulnerabilities. However, some vulnerability metrics (such as code size, cyclomatic complexity, etc.) are manually defined by experts, which is too costly and expensive. Higher su...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): G06F11/36G06F21/57G06N3/04G06N3/08
CPCG06F11/3608G06F21/577G06N3/08G06N3/045
Inventor 孙小兵曹思聪李斌
Owner YANGZHOU UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap