Vulnerability similarity measurement method based on context semantics

A technology of similarity measurement and context, applied in code semantic understanding in the field of software engineering and software engineering, can solve the problems of high false positive rate of static vulnerability detection tools, long time-consuming, high cost of pure manual screening, etc., to maintain structural invariance, Effect of High Accuracy, High False Positive Review Service

Inactive Publication Date: 2021-03-26
江西环境工程职业学院
View PDF0 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0006] The problem to be solved by the present invention is: the high false positive rate of static

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Vulnerability similarity measurement method based on context semantics
  • Vulnerability similarity measurement method based on context semantics
  • Vulnerability similarity measurement method based on context semantics

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0028] Several key technologies involved in the present invention are WALA tool, CFG, DFG, word2vec model.

[0029] 1. WALA tool

[0030] WALA is mainly used for static code analysis of Java and JavaScript, based on context-sensitive slices. In the present invention, the WALA tool is used to extract the control flow graph in the program, and according to the program data flow graph, the statement or predicate related to the code is located to assist in the semantic analysis of the code context.

[0031] 2. CFG

[0032] CFG is the Control Flow Graph, which represents all the paths traversed during the execution of a program. It expresses the possible flow of all basic block execution in a process in the form of a graph, and can also reflect the real-time execution process of a process. In the present invention, it is used to assist in building DFG and analyzing code context.

[0033] 3. DFG

[0034] DFG is a data flow graph, which describes a system from the perspective of ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

A vulnerability similarity measurement method based on context semantics is characterized in that a natural language processing thought is used for reference, starting from the perspective of code semantics, a static code scanning tool is used for carrying out source code security scanning, code context information is obtained based on a control flow diagram and a data flow diagram, and code semantic analysis is carried out; the method also includes mapping the code context statement to a vector space: function: T-> T ''; calculating the similarity Similarity (T ''n, T'' m) between the vulnerability and the vulnerability of the known type, setting a threshold value for identification, automatically screening misreported vulnerabilities, and evaluating the recall ratio and precision ratio of the identification; according to the invention, bug misinformation can be effectively filtered, static code scanning tool misinformation and the cost of screening real bugs by developers or engineers are reduced, the problem that the traditional static scanning misinformation rate is high is solved, a high-accuracy misinformation examination service is provided, meanwhile, system bugs are found,and the software security is guaranteed.

Description

technical field [0001] The invention belongs to the field of software engineering, in particular to the application of code semantic understanding in the field of software engineering, which is used for filtering false positive vulnerability information generated by a static code vulnerability scanning tool. Background technique [0002] With the continuous expansion of software application fields, there are more and more attacks on information systems, and the attack points that can be exploited are often errors or defects (called loopholes) in the source code design or implementation process of the program itself. Source code security audits can discover potential security vulnerabilities during the system development phase, thereby helping to reduce security vulnerabilities by 10% to 50%. Therefore, scanning the program for vulnerabilities at the source code level can effectively reduce the occurrence of security vulnerabilities at the source, thereby reducing the occurre...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): G06F21/57G06F16/33
CPCG06F21/577G06F2221/033G06F16/3344G06F16/3347
Inventor 陈万钧
Owner 江西环境工程职业学院
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap