Research On Source Code Vulnerability Detection Based On Bounding Box Regression

In recent years,network security intelligent analysis has become one of the fastest growing interdisciplinary research,and a number of software vulnerability detection methods based on machine learning have emerged.However,because the vulnerability detection method based on machine learning is still in its infancy and exploration stage,there are many problems,such as not making full use of the semantic information in the source code,high false positive rate,coarse detection granularity,inaccurate positioning and so on.To solve the above problems,this paper studies the related work of source code vulnerability detection,and proposes a vulnerability detection scheme based on bounding box regression for source code.The major work of this paper is as follows:Firstly,referring to the methods and ideas in the field of target detection,the boundary box regression method is introduced into the vulnerability detection,and a boundary box marking strategy is proposed to represent the location of the vulnerability.At the same time,a segment detection idea is proposed,and based on this idea,a segment detector is proposed and designed,which is used to predict the bounding box representing the location of the vulnerability,and effectively improves the detection accuracy.Secondly,a deep learning model based on the idea of boundary box regression is designed,and the loss function is redefined.The model can extract features from the program,directly predict the boundary box representing the location of the vulnerability through the overall features of the program,and can carry out end-to-end optimization to improve the positioning accuracy.Finally,a vulnerability detection scheme based on bounding box regression,BBregLocator,is designed and implemented,and the feasibility and effectiveness of the scheme are verified by experiments on public data sets.Experimental results show that the scheme can effectively improve the accuracy of vulnerability location while maintaining low false positive rate and low false negative rate.