
The Study Of Source Code Vulnerability Detection Based On Graph Neural Network

Posted on: 2021-04-24
Degree: Master
Type: Thesis
Country: China
Candidate: W X Kong
Full Text: PDF
GTID: 2370330611957109
Subject: Computer application technology
Abstract/Summary:
Computer software is used in all walks of life. It has become one of the pillar industries of social development and occupies an important position in the national economy and people's livelihood. Once a software system is attacked, it can bring huge losses to society. Finding potential vulnerabilities in software programs rapidly and repairing them as soon as possible, to avoid greater losses, is critical to protecting the rights of software providers and users.

At present, existing source code vulnerability detection schemes are mainly divided into rule-based detection and learning-based detection. The former often leads to a high false positive rate due to incomplete rule coverage; the latter achieves only a limited improvement in accuracy, because current machine learning encoding methods lack semantic expression of the program. To address the shortcomings of these methods and further improve the accuracy of source code vulnerability detection, this thesis proposes Graph VDS, a source code vulnerability detection method based on graph neural networks. It expresses the semantic relationships of source code as a graph structure and uses a trained graph convolutional network model to detect whether the source code graph contains vulnerabilities. The main work is as follows:

(1) This thesis systematically analyzes the current mainstream source code vulnerability detection mechanisms and introduces in detail the basic principles, technical characteristics and defects of the existing methods. It summarizes the common problems in source code vulnerability detection, such as incomplete coverage of vulnerability rules and lack of program semantic expression, and puts forward a method of source code vulnerability detection based on graph neural networks.

(2) To solve the problem of low accuracy caused by the lack of semantic expression in traditional machine learning, this thesis studies how to design a graph representation of source code. By constructing the syntax graph, data flow graph, control flow graph and function call graph, the semantic relationships of vulnerable code can be expressed accurately, which provides accurate data input for the network model.

(3) On the basis of accurately obtaining the semantic expression of vulnerable code, this thesis discusses how to construct an accurate graph neural network model for source code vulnerability detection. For each sink function call in the source code that may cause a vulnerability, the code subgraph related to that sink function call is extracted, and the code graph is input into the graph neural network for model training or vulnerability detection.

(4) The Graph VDS vulnerability detection system is implemented, and efficiency experiments are carried out to test the system. The prototype system is evaluated using multiple Java and C/C++ source code datasets and other vulnerability detection tools. To evaluate the practicability and validity of the method, vulnerability detection is performed on real-world code projects.

According to the method proposed in this thesis, the prototype system Graph VDS is designed and implemented. The Graph VDS system is evaluated on several datasets in the Java and C/C++ programming languages. The experimental results show that the F1-measure can be increased by 7.36% by using the graph network model. To verify the detection ability of the system in a real environment, the system was run on node-0.7.4-release, where three published vulnerabilities and an undisclosed vulnerability were found.
Keywords/Search Tags: Source code vulnerability detection, Graph neural network, Source code graph, Machine learning