| The application of software program has been integrated into every aspect of social life,and the accompanying program security issues have become more and more important in the industry.The multi-functional software has a variety of code styles that can be compared with human language.Therefore,the vulnerability analysis task for software programs has developed into a separate field in terms of background requirements and professional technologies,and has attracted more and more attention.Based on scenarios and functional requirements,this article divides the whole study into three core points: vulnerability detection,multi-vulnerability identification and cross-project transfer learning performance of the model.For the vulnerability detection task,this article further refined the scheme flow.First of all,in order to reduce the personalized characteristics of the original data and improve the generality of vulnerability data,this article designed a variety of abstract representation techniques,striving to achieve the best balance between feature richness and universality.Then,the abstracted data is still some text symbols.Although it has strong semantic characteristics,the model can not receive and process.Therefore,this article established the corresponding vectorization and normalization mechanism,realized a series of digital transformation of the abstract sequence,and preserved the original semantic and grammatical rules of the sequence as much as possible on the premise of ensuring that the model could be processed.Finally,this article designed three classification models for different scenarios to study the potential distribution of processed data.In view of the two tasks for identification of multiple vulnerability types and portability of model between different projects,this article further improved each of the above modules.Firstly,from the perspective of data,this article used unsupervised prediction model to carry out one-to-one expansion of the existing data.In addition,this article redesigned a new abstract representation method,which can realize data abstraction,vectorization and normalization simultaneously.In terms of the classification model,this article designed a multi-step composite network structure to realize the hierarchical stripping of vulnerability identification,which greatly improved the stability and portability of the model.In addition,this article drew on the latest ideas of the academic community,including the pretraining model based on a large number of unlabeled data,the graph neural network with learnable topology and so on.Finally,a set of software multi-vulnerability identification scheme for Java programming language was established.Finally,this article designed a targeted simulation experiment to demonstrate the above functional requirements one by one.The results showed that our scheme has better convergence speed and stability compared with other models while it completed the basic task indexes,especially in the performance of the portability. |
PDF Full Text Request