Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Code attribute graph compression method and device for source code vulnerability detection

A technology of vulnerability detection and compression method, which is applied in the field of code attribute map compression of source code vulnerability detection, which can solve the problems of low space-time efficiency, attack, ignoring semantic information, etc., and achieve the effect of improving space-time efficiency and reducing complexity

Active Publication Date: 2022-01-28
HARBIN INSTITUTE OF TECHNOLOGY SHENZHEN (INSTITUTE OF SCIENCE AND TECHNOLOGY INNOVATION HARBIN INSTITUTE OF TECHNOLOGY SHENZHEN)
View PDF5 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0002] Software vulnerabilities refer to errors or defects caused in the process of software design, development, and configuration, and generally do not affect the normal operation of the program, but in some cases, they may be maliciously used by others to attack the software system, eventually leading to system crashes , data leakage, implanted dangerous code and other consequences
At present, the existing automated vulnerability detection technologies use methods including but not limited to static analysis, dynamic analysis, symbolic execution, machine learning, etc., and models based on software static analysis structure diagrams and deep learning emerge in endlessly, although these methods are in the relevant data. Good results have been achieved on the set, but they still face the main challenge of complex representation of the code graph structure
[0003] Most of the existing vulnerability detection technologies based on the code graph structure combine the code data flow graph, control flow graph, program dependency graph, and abstract syntax tree to form a comprehensive attribute graph, which is often complex in structure, low in space-time efficiency, and difficult applied to actual software projects
And many existing methods assume that the code attribute graph is an isomorphic graph, ignoring the semantic information represented by different node types in the code

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Code attribute graph compression method and device for source code vulnerability detection
  • Code attribute graph compression method and device for source code vulnerability detection
  • Code attribute graph compression method and device for source code vulnerability detection

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0032] A code attribute map compression method for source code vulnerability detection, the specific steps are as follows figure 1 shown, including:

[0033] S01. According to the code attribute map node calculation based on the previous K The node neighborhood information gain of jumping neighbors;

[0034] The specific implementation process is: Let the code attribute map ,in represents a set of nodes, Represents the feature matrix of the node, Represents the adjacency matrix of nodes in the code property graph. The code attribute map node type set is , the feature vectors of different types of nodes are in different feature spaces. In order to facilitate the measurement of the distance between node features and the importance of calculation, the present invention first performs feature transformation on the features of nodes, and converts them to the same feature space for differential measurement. The conversion formula as follows:

[0035]

[0036] in, I...

Embodiment 2

[0059] refer to figure 2 To describe according to the embodiment of the present disclosure and figure 1 The device corresponding to the shown method is a code attribute graph compression device for source code vulnerability detection. The device 100 includes: a node neighborhood information gain acquisition module 101, which is used to calculate nodes based on the previous code attribute graph. K The node neighborhood information gain of jumping neighbors; the normalization processing module 102 is used to perform local normalization processing on the node neighborhood information gain; the deletion node set acquisition module 103 is used to normalize the node neighborhood information gain after normalization Nodes with low information gain form a set of candidate deletion nodes, and determine whether the candidate deletion nodes in the candidate deletion node set meet the requirements: when the candidate deletion node and all the edges connected to it are deleted, the connec...

Embodiment 3

[0062] The device of the embodiment of the present invention can also use image 3 The architecture of the computing device shown is implemented. image 3 The architecture of the computing device is shown. Such as image 3 As shown, a computer system 201, a system bus 203, one or more CPUs 204, input / output 202, memory 205, and the like. The memory 205 can store various data or files used by the computer for processing and / or communication, and program instructions executed by the CPU. The program instructions include executing the code attribute map compression method for source code vulnerability detection described in Embodiment 1. image 3 The architecture shown is just an example, and it should be adjusted according to actual needs when implementing different devices image 3 One or more components in .

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a code attribute graph compression method and device for source code vulnerability detection. The method comprises the following steps of: calculating node neighborhood information gains based on first K-hop neighbors according to a code attribute graph; performing local normalization processing on the node neighborhood information gains; selecting nodes with low node neighborhood information gains after normalization processing to form a candidate deleted node set, judging whether cut points exist in the candidate deleted node set or not, and removing the cut points from the candidate deleted node set to finally obtain a deleted node set; and removing nodes in the deleted node set and edges connected with the nodes from the code attribute graph to obtain a code attribute compressed graph. According to the method, the first K-hop neighbor gain information of the nodes is calculated, the nodes with low gain information are selected and deleted, meanwhile, the connectivity of the compressed graph is guaranteed, the complexity is reduced under the condition that the node attributes and structural features of the code attribute graph are kept as much as possible, and therefore the space-time efficiency of subsequent model training is improved.

Description

technical field [0001] The invention relates to a software loophole detection method, in particular to a code attribute map compression method and device for source code loophole detection. Background technique [0002] Software vulnerabilities refer to errors or defects caused in the process of software design, development, and configuration, and generally do not affect the normal operation of the program, but in some cases, they may be maliciously used by others to attack the software system, eventually leading to system crashes , data leakage, implanted dangerous code and other consequences. At present, the existing automated vulnerability detection technologies use methods including but not limited to static analysis, dynamic analysis, symbolic execution, machine learning, etc., and models based on software static analysis structure diagrams and deep learning emerge in endlessly, although these methods are in the relevant data. Good results have been achieved on ensembl...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): G06F21/57G06F21/56
CPCG06F21/577G06F21/563G06F2221/033
Inventor 高翠芸陈玉盼王轩刘川意廖清韩培义陈雨佳
Owner HARBIN INSTITUTE OF TECHNOLOGY SHENZHEN (INSTITUTE OF SCIENCE AND TECHNOLOGY INNOVATION HARBIN INSTITUTE OF TECHNOLOGY SHENZHEN)
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com