Research On Software Vulnerability Mining Method Based On Code Property Graph

Posted on: 2016-02-08
Degree: Master
Type: Thesis
Country: China
Candidate: K Yang
Full Text: PDF
GTID: 2308330479951021
Subject: Computer application technology
Abstract/Summary:
Vulnerability discovery is the focus of today's computer security research field. At present, the vast majority of vulnerability detection procedures require a lot of manual auditing. Code analysis is therefore complex and time-consuming, which makes vulnerability detection inefficient. Because the vulnerability mining problem is itself theoretically undecidable, a basic principle is to assist security analysts rather than replace them. Using graph database and data mining technology to leverage the information contained in the source code to assist software analysis is a novel research idea.

First of all, this paper proposes a topic-sensitive missing-check vulnerability mining method. We use the function name, the file name and the call environment to characterize the topic of a function. A corresponding n-gram name similarity and a Jaccard-based caller set similarity are designed to describe the locality of the query, and we propose a synthetic filter algorithm to further optimize the neighborhood selection. A new quality metric is designed to calculate the credibility of the KNN query. The data exchange style of the semantic mapping and the condition feature mapping is changed from disk to memory. We add multiple source/sink query support to chucky-ng, to meet the need to query a group of sources/sinks as an API composition, and we add an analysis report function to improve its usability.

Secondly, we propose a code property graph generation method. By constructing a code parser and parsing the source code, we extract the abstract syntax tree and the control flow graph. Based on reaching definitions, we provide a construction strategy for the data dependence graph, and a control dependence graph generation strategy is provided based on the function dominator tree. These two steps convert a control flow graph into a program dependence graph. The code property graph is generated by merging the abstract syntax tree, the control flow graph and the program dependence graph.

Finally, this paper presents a code property graph based vulnerability mining method. A formal definition of the pollution (taint) propagation analysis function and of the vulnerability query is provided. The implementation of the vulnerability query based on the Gremlin graph query language is discussed, and the formal definitions of some common vulnerabilities are modeled with the former query function. In particular, we study in depth the definition and implementation of the pollution-style vulnerability query and perform the verification analysis. Possible future work on static vulnerability discovery and static analysis based on graph models and graph database query technology is discussed at the end.
Keywords/Search Tags:Function Similarity, Filter Algorithm, Neighborhood Selection, Vulnerability, Code Property Graph, Static Analysis