Program Vulnerability Detection Through Learning On Code Text And Control Structure

Posted on: 2022-03-08
Degree: Master
Type: Thesis
Country: China
Candidate: Z R Gui
Full Text: PDF
GTID: 2518306485466464
Subject: Software engineering

Abstract/Summary:
With the widespread adoption of information technology, computer software has penetrated the public's work, life and entertainment. Software has brought many conveniences, but it has also caused quite a few problems, and software security is one of the key issues. To meet users' ever-increasing needs, software is constantly updated, which has also led to an endless stream of network attack methods. Once a hidden vulnerability in the software is used maliciously, it brings huge losses to the software developers. Vulnerability detection methods that can accurately identify such vulnerabilities are therefore particularly important for studying software security.

Most existing software vulnerability detection methods study the feature information of program text or of semantics and syntax, and less research addresses the feature information contained in vulnerability behavior patterns. Based on the vulnerability behavior model, this paper therefore proposes a program vulnerability detection algorithm based on frequent function call pairs, which further characterize the behavior pattern of vulnerable function calls. A single feature, however, is still limited in how well it characterizes vulnerabilities. In response, and drawing on the idea of ensemble learning, this paper proposes a vulnerability detection algorithm that combines multiple features to characterize vulnerabilities. The algorithm considers three different features: program code text, frequent function call pairs, and sensitive function centrality analysis. The three features are extracted through static analysis, and a basic vulnerability classification model is constructed. Then, following the Bagging idea in ensemble learning, a one-vote veto system is applied to the classification predictions of the basic classifiers to obtain the final ensemble model.

Finally, to verify the effectiveness of the CTCS-VD algorithm, an experimental analysis of precision, recall and accuracy was carried out on a public collection of real Android vulnerabilities. The comparison results show that the precision of the CTCS-VD algorithm is equivalent to that of the single-feature vulnerability detection algorithm on most data sets, and that both the recall and the accuracy of the CTCS-VD algorithm are significantly better than those of the single-feature vulnerability detection algorithm. Research on vulnerability detection algorithms helps software developers correctly determine whether software is safe before it goes online, thereby further reducing the harm caused by vulnerabilities.
Keywords/Search Tags: software security, vulnerability detection, static analysis, multiple features, ensemble learning