| In recent years,exploiting source code vulnerabilities to attack has become an important means of national cyberspace competition.The effect of vulnerabilities is comparable to arsenals.At the same time,with the gradual deepening of software,source code opening is the general trend.As a result,vulnerability detection of source code is becoming more and more important.Using the traditional manual detection method to discover vulnerabilities is more like an art: not only consumes a lot of time and labor,but also has low efficiency.The rapid development of artificial intelligence and deep learning makes automated vulnerability discovery promising.The technical challenges and problems in current automated vulnerability mining are: dynamic vulnerability detection methods will cause path explosion problems;static vulnerability detection methods based on rule matching requires rules that define by human,and rules are difficult to enumerate;static vulnerab ility detection methods based on machine learning are currently learning with source code sequences,it is difficult to learn the structural characteristics of the source cod e,and when the results of machine judgment are verified by humans,the workload a nd difficulty of analyzing the entire source code by human are not reduced at all.Aiming at the above problems,this paper designs a graph network for C language source code vulnerability detection,which can automatically learns the source code structure information.According to the causes of typical source code vulnerabilities,use data flow and control flow to assist in understanding the semantic structure of source code vulnerabilities.According to the source code context structure information,the trained graph network is used to discover source code vulnerabilities.The innovations of this article include: using data and control dependency graphs to represent the source code structure,which solves the problem of the lack of vulnerability features in traditional source code sequence representations;using graph networks to learn data and control dependency graphs,which solves the problem that existing detection models cannot learn vulnerability features from the data and control dependency graphs;the data and c ontrol dependency graphs are used to assist in manually verifying source code vulnerabilities,it can solve the problem of semantic structure understanding during manual analysis.The experimental results show that the graph network method can effectively detect the actual CVE source code vulnerabilities during th e vulnerability discovery stage,and the data and control dependency graphs can be used to assist in identifying source code vulnerabilities during the manual verification stage.In machine learning evaluation indicators,the performance of graph networks is better than the method of the bag of words model + random forest and the method of recurrent neural network. |
PDF Full Text Request