Research And Implementation Of Combined Vulnerability Detection Scheme Based On Code Similarity

Posted on: 2021-03-25
Degree: Master
Type: Thesis
Country: China
Candidate: S Wang
GTID: 2428330611457110
Subject: Information security

Abstract/Summary:
As software logic grows more complex, vulnerabilities become more likely to be introduced during development, and the forms they take become more complex as well. A typical sign of this at present is that combined vulnerabilities are increasing and the harm they cause is clearly rising. Effective vulnerability detection has therefore become a research hotspot, but the widely used traditional rule-based detection methods and machine learning based detection methods both fall short when faced with complex combined vulnerabilities. The main reason is that a combined vulnerability is not simply a combination of single vulnerabilities, and the presence of a combined vulnerability cannot be inferred by checking for the characteristics of all the single vulnerabilities that constitute it. The complexity of a combined vulnerability lies in the specific call relationships and strong data dependencies between the single vulnerabilities, which makes feature extraction and representation difficult.

To solve the problem of combined vulnerability detection, we use a graph embedding network and a Siamese neural network to implement a combined vulnerability detection method based on code similarity. On the one hand, the vector representation of vulnerability code is obtained through code composition and the graph embedding network; on the other hand, the vulnerability detection problem is transformed into a code similarity detection problem by the Siamese neural network. The main work of this thesis is as follows:

(1) Using C code examples and real application scenarios, this thesis studies the problems encountered in detecting combined vulnerabilities. It analyzes the existing vulnerability detection methods, including traditional rule-based detection methods and machine learning based vulnerability detection methods. Based on the basic principles of these methods, the thesis analyzes their problems in the combined vulnerability detection scenario, and then considers how to solve these problems in the proposed method to achieve better detection results.

(2) This thesis analyzes the characteristics of combined vulnerabilities, and studies the advantages of the graph embedding network for combined vulnerability detection and the application of code similarity methods to vulnerability detection. On this basis, it considers combining the graph embedding network with code similarity to solve the problem of combined vulnerability detection. A combined vulnerability detection method based on a graph embedding network and code similarity is proposed, and its implementation principle is discussed. The following problems need to be considered for the proposed method: (1) how to compose code so as to ensure the integrity and hierarchy of the code's semantic information; (2) how to construct the graph embedding network, given its characteristics, so as to realize feature propagation and graph vectorization by iteration; (3) how to construct the Siamese (twin) neural network, and how to use the model to judge code similarity and thereby realize combined vulnerability detection. Finally, the experimental results show that the method proposed in this thesis is effective for combined vulnerability detection.

(3) This thesis designs and implements Vul Gd (vulnerability detection based on graph network and code similarity). The validity of Vul Gd is verified by constructing a vulnerability data set and comparing against many vulnerability detection tools. The experimental results show that, on the data set constructed from the open source vulnerability database, the F1 score of Vul Gd is more than 70% higher than that of the traditional rule-based detection method, and 10% to 15% higher than that of the existing machine learning based vulnerability detection method...
Keywords/Search Tags: Combined vulnerability detection, Graph embedding network, Code similarity, Code transformation graph