
Research On Security Detection Of Open Source Software For Source Code

Posted on: 2021-08-28
Degree: Master
Type: Thesis
Country: China
Candidate: Y Q Cui
GTID: 2518306305467204
Subject: Computer application technology
Abstract/Summary:
As open source products and frameworks become more widely used in the IT industry and Internet companies, the quality of open source software has received widespread attention. Development standards, performance metrics, software vulnerabilities, code cloning, etc. all affect the security of open source software. There are many security risks in open source software source code: CVE, NIST and 360 teams have found a large number of code vulnerabilities in the source code of the major open source communities. Research on the security of open source software source code is therefore urgent. This paper studies the security of open source software source code from three aspects: vulnerability detection, vulnerability prediction, and code cloning. By improving and combining existing deep learning models, a new model is proposed that is more suitable for detecting source code vulnerabilities. The specific work is as follows:

1. The source code vulnerability detection method based on a hybrid deep learning model is studied. This part first establishes a vulnerability library containing 7 major types of vulnerability issues and defines the key points of the program slice in the vulnerability library. Secondly, the key point is used as the entry point of the program slice, and the control flow graph and the data flow graph are extracted to obtain the vulnerability features of the source code. The vulnerability features are standardized and vectorized with the word2vec tool. Finally, the feature vector is used as the input to the hybrid deep model DCnnGRU. The model uses a convolutional neural network (CNN) as an interface to interact with the feature vectors, and a gated recurrent unit (GRU) is embedded in the middle of the CNN as a gating mechanism for capturing code call relationships.

2. The source code vulnerability prediction method based on a combined deep learning model is studied. Firstly, the change indicator system is constructed: based on the existing change indicators, the two dimensions of review and time are introduced to construct a new change indicator system. Secondly, to solve the problem that there are far fewer vulnerable samples in the dataset than non-vulnerable samples, the Boundary Equilibrium Generative Adversarial Network (BEGAN) is used to generate vulnerable samples for the first time. Finally, based on the DCnnGRU model, the unidirectional GRU is changed to a bidirectional GRU, and the model CBGRU for vulnerability prediction is obtained.

3. The code clone detection method based on an improved capsule network is studied. This part of the study proposes a new code detection and positioning framework, TPCaps, which combines token-based and PDG-based code clone detection methods and introduces a capsule network model (CapsNet). Pairs that are not clones are first filtered out by dataset partitioning and semantic signatures, and the token values of the code are determined. Second, a PDG is generated that extracts the data dependencies and control dependencies of the source code. Finally, Type-1 and Type-2 clone code is determined by the token values, and Type-3 and Type-4 clone code is detected by the improved model RCapsNet.
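
The token stage of the clone detection described in part 3 can be illustrated as follows. This is an added example, not code from the thesis: the C-like tokenizer, the keyword subset, the consistent-renaming scheme and the SHA-256 signature are all assumptions, since the abstract does not define how its token values are computed. Pairs that match on the raw token stream are Type-1, pairs that match after identifiers and literals are abstracted are Type-2, and everything else is left for the heavier stage (RCapsNet in the thesis).

```python
import hashlib
import re

# Assumed C-like keyword subset; the abstract does not specify the thesis's tokenizer.
KEYWORDS = {"int", "char", "const", "void", "return", "if", "else", "for", "while"}

TOKEN_RE = re.compile(r"""
    (?P<comment>//[^\n]*|/\*.*?\*/)
  | (?P<string>"(?:\\.|[^"\\])*"|'(?:\\.|[^'\\])*')
  | (?P<number>\d+(?:\.\d+)?)
  | (?P<ident>[A-Za-z_]\w*)
  | (?P<op>\S)
""", re.VERBOSE | re.DOTALL)

def tokens(src):
    """Lex src into (kind, text) pairs; comments and whitespace are dropped."""
    return [(m.lastgroup, m.group()) for m in TOKEN_RE.finditer(src)
            if m.lastgroup != "comment"]

def signature(src, level):
    """Level 1 hashes the raw token stream; level 2 first abstracts names and literals."""
    names, norm = {}, []
    for kind, text in tokens(src):
        if level == 2 and kind == "ident" and text not in KEYWORDS:
            text = names.setdefault(text, f"ID{len(names)}")  # consistent renaming
        elif level == 2 and kind in ("string", "number"):
            text = "LIT"
        norm.append(text)
    return hashlib.sha256("\x00".join(norm).encode()).hexdigest()

def classify(a, b):
    """Type-1/Type-2 by signature equality; anything else goes to the heavier stage."""
    if signature(a, 1) == signature(b, 1):
        return "Type-1"
    if signature(a, 2) == signature(b, 2):
        return "Type-2"
    return "unresolved"

# Constructed sample fragments (not taken from the thesis).
ORIGINAL = "int copy(char *dst, const char *src, int n) {\n  for (int i = 0; i < n; i++) dst[i] = src[i];\n  return n;\n}"
RELAYOUT = "int copy(char *dst,const char *src,int n){ /* copy */\n for(int i=0;i<n;i++)\n   dst[i]=src[i];\n return n; }"
RENAMED = "int dup(char *out, const char *in, int len) {\n  for (int k = 1; k < len; k++) out[k] = in[k];\n  return len;\n}"
GUARDED = "int copy(char *dst, const char *src, int n) {\n  if (n > 64) return 0;\n  for (int i = 0; i < n; i++) dst[i] = src[i];\n  return n;\n}"

if __name__ == "__main__":
    for name, frag in [("RELAYOUT", RELAYOUT), ("RENAMED", RENAMED), ("GUARDED", GUARDED)]:
        print(name, classify(ORIGINAL, frag))
```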
Keywords/Search Tags:Deep learning, vulnerability detection, vulnerability prediction, code cloning, capsule network