Research Of Vulnerability Prediction Based On Deep Learning And Robustness Verification On Deep Learning Model

Vulnerability makes computer systems to be insecure.Hence,it is important to detect the vulnerabilities in programs automatically,which is also very challenging.Vulnerability detection often needs to analyze partial programs.However,the rulebased static detection tools perform poor for partial programs,i.e.,the rates of recall and precision are both lower.Machine learning(especially deep learning)provides a new way for the automatic detection of the vulnerabilities in partial programs,but the effectiveness of machine learning-based methods is still to be validated.We propose a graph neural network(GNN)based framework for automatically detecting the vulnerabilities in partial programs.The framework extracts the graphstructure information from the partial programs,such as abstract-syntax trees and control flow graphs.Then,the framework utilizes the existing GNN methods to train a vulnerability prediction model for partial programs.We have compared our framework with the existing rule-based tools and the machine learning-based prediction methods by the large-scale evaluation on real-world partial programs.The experimental results demonstrate that the GNN-based method has a 76% precision and a 72% recall rate,which are 50% and 78% improvements compared with the existing methods,respectively.However,deep learning's nature of uninterpretation is the main challenge for the reliability of the GNN-based detection framework.Robustness is one of the main factors for evaluating the reliability of deep learning models.Robustness verification provides an effective method for improving the robustness of deep learning models,but the scalability of robustness verification is a challenge.We observe that DNN's different inputs have different possibilities of existing counter-examples around them,and the input with a small difference between the largest output value and the second-largest output value tends to be the weak inputs of the DNN.Based on this observation,we propose a boosting method for DNN robustness verification,aiming to find counter-examples earlier by selecting the weak inputs in priority.We have implemented our method and applied it to two state-of-the-art DNN verification tools and four DNN attacking methods.The results of the extensive experiments on two benchmarks(ACAS-Xu and MNIST)indicate that the verification tools using our method have an average rate of more than 90% for finding counter-examples,and our method can improve the success rate of attacking by3.3 times for the adversarial example generation methods.