A c source code vulnerability detection method based on bert model and bilstm

Abstract

A C source code vulnerability detection method based on the Bert model and BiLSTM. By analyzing the software source code, a control dependency graph and a data dependency graph are constructed, and the code is sliced ​​according to the control dependency relationship and data dependency relationship between codes to generate slices. Level code blocks, then perform data cleaning and preprocessing on the generated code blocks, and label each generated code block to distinguish whether the code block contains vulnerability information. Second, input the processed code block as a training set into the Bert pre-training model to fine-tune the standard Bert model to obtain a new Bert model. Then input the code block into the new Bert model to learn the semantic information and contextual relationship between the codes in an unsupervised manner, perform word embedding encoding on the code block, and obtain a word vector with maximized code semantic information and contextual relationship. Finally, input the obtained word vector into BiLSTM to train the detection model, and obtain the source code vulnerability detection model. The invention can improve the accuracy rate of loophole detection and reduce the false alarm rate.

Description

technical field [0001] The invention relates to a software source code loophole detection method, in particular to a C source code loophole detection method based on Bert model and BiLSTM. Background technique [0002] Most of the network attack security incidents that occur in current life are mostly based on various software vulnerabilities in the device software. Software vulnerabilities refer to software defects caused by software developers during the development stage due to factors such as technical problems and lack of experience. Defects exist throughout the entire phase of software deployment and operation. Therefore, attackers can use exploit tools to attack the target system based on such software vulnerabilities at any time or place, extract administrator privileges, obtain system data and command and control privileges to disrupt the normal operation of the system or obtain economic benefits. Purpose. [0003] The existing relatively mature vulnerability mini...

AI Technical Summary

Problems solved by technology

Therefore, in the process of generating word vectors, semantic information will inevitably be missing, which will affect the detection accuracy of the model.

Patent CN201911363149 uses semi-supervised learning technology, uses labeled data and unlabeled data as training data, and directly inputs code elements into the ELMo model to predict whether the source code contains vulnerability information. Although it saves code processing time, due to ELMo The model needs to set the parameters of each layer in the downstream of the training, because it can only encode a single word, and there is no negative sampling process, so it cannot guarantee a high detection accuracy

Patent CN202010576421 proposes a source code vulnerability detection method based on a graph convolutional neural network. This method obtains the code attribute graph corresponding to the source code, constructs a code slice graph structure based on the vulnerability characteristics, and then uses a graph convolutional network to learn each graph. The vector representation of the node, training to obtain the source code vulnerability detection model, but when the training code structure is more complex, the generated code attribute graph is more complex, and the graph convolutional network cannot effectively learn complex graph nodes, so there is still a detection accuracy lower question

Images