
Research On Software Vulnerability Detection Based On Vulnerability Genes

Posted on: 2020-07-13
Degree: Master
Type: Thesis
Country: China
Candidate: J Yue
Full Text: PDF
GTID: 2438330575960031
Subject: Control engineering

Abstract/Summary:
From industrial power stations to pacemakers and even home appliances, software systems are indispensable in key areas. Growing reliance on software, the increasing complexity of software systems themselves, and the exponential growth of software vulnerabilities have made code analysis an important direction of computer science research. Building on the skills and experience of information security experts, there is a need for an automated code vulnerability analysis system whose scale, speed and efficiency meet practical needs. Although great progress has been made in this area, many challenges remain, such as missed vulnerabilities and false positives in dynamic and static analysis, limited code coverage in testing, and path explosion. Newer analysis methods try to detect vulnerabilities by extracting code features and exploiting the strength of machine learning in pattern recognition, using trained models, and have achieved some results.

Based on this idea, this paper first proposes a vulnerability detection method based on the control flow graph and supervised learning. Control flow and data flow information extracted from the code is used to obtain the use-def chain, which is finally converted into a semantic representation describing the code pattern. Secondly, building on the technical achievements of GCN in text classification, the extracted features are classified to realize vulnerability classification. AUC-PR reaches 0.86, which is 5% higher than the detection rate of the existing algorithm, indicating the effectiveness of this method.

Web applications often have multiple dynamic characteristics, and simply using static analysis to detect software vulnerabilities is not the best approach. In order to automate vulnerability detection and the generation of exploit code, this paper puts forward a new vulnerability detection method that combines vulnerability genes with dynamic analysis: vulnerability gene information obtained by static analysis guides the dynamic analysis, which automatically identifies vulnerabilities and generates exploit strings. In the experiment, more than 80 million lines of code were tested; in less than a week, 121 vulnerabilities were detected and their exploit strings generated. Compared with other automated vulnerability analysis techniques such as fuzz testing, the time needed for vulnerability testing is sharply reduced and there are no false positives. Being limited by the principles of static analysis, the method still has a certain degree of false negatives, but the overall vulnerability detection effect is remarkable.
Keywords/Search Tags: Vulnerability detection, Vulnerability genes, Code analysis, Exploit generation, Vulnerability classification