
Research On Source Code Vulnerability Detection Technology Based On Graph Computing

Posted on: 2022-06-02
Degree: Master
Type: Thesis
Country: China
Candidate: Q Qiao
GTID: 2518306524993589
Subject: Master of Engineering
Abstract/Summary:
In recent years, with the rapid development of Internet information technology and mobile network applications, the number of software applications has increased dramatically. As software is applied more widely, vulnerabilities introduced in the software design phase or the development process are likely to be exploited by attackers, with harmful effects. As the first review step in software security, timely repair of vulnerabilities at the source code level can effectively reduce the losses caused by software vulnerabilities and save the cost of repairing them in subsequent stages. Current code review work cannot be completed without manual participation. The mainstream detection method combines automated testing tools with manual inspection, which both reduces the workload of the inspectors and improves detection efficiency. Static detection of source code based on an intermediate representation of the source code is a focus of researchers' attention. Therefore, this thesis studies the application of source code vulnerability detection technology based on graph computing.

Firstly, the associated property graph model of the source code is constructed. By simplifying the code property graph and replacing the program dependency with the data dependency relationship, this thesis improves the construction efficiency of the code abstract graph model and addresses the low detection accuracy that traditional data flow analysis shows on taint-style vulnerabilities because of its path insensitivity. The function call relationship is added to build the associated property graph model. Data flow analysis based on this model can track data across function calls, converts the path-insensitive data analysis process into a graph traversal problem, and improves the accuracy of detection results.

Then, based on the associated property graph, a detection algorithm for taint-style vulnerabilities is proposed. By analyzing the code of typical taint-style vulnerabilities, the typical characteristics of the vulnerabilities are summarized, and these characteristics are described in the graph database query language to obtain graph models of the typical taint-style vulnerabilities. Detection of taint-style vulnerabilities is realized by matching the graph model against the property expansion graph generated from the code under test. Experiments show that the detection algorithm proposed in this thesis has a good detection effect: when detecting buffer overflow, null pointer reference, and division by zero, the F1 value reaches 83.0%, 83.0%, and 95.0%, respectively.

Finally, the source code inspection system based on the associated property graph is completed. The associated property graph is obtained through lexical and grammatical analysis of the source code and imported into the graph database Neo4j, where it is combined with the summarized taint-style vulnerability detection graph models to complete vulnerability detection through graph matching.
Keywords/Search Tags: Graph Computation, Vulnerability Detection, Property Graph, Graph Matching, Defect Model
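The idea in the abstract of turning cross-function taint tracking into graph traversal can be sketched as follows. This is an added illustration, not code from the thesis: the node kinds, the edge labels `DATA_DEP` and `CALL`, and the sample graph (a division-by-zero pattern) are assumptions constructed for the example.

```python
from collections import defaultdict

# Constructed sample graph (not from the thesis). Each node is one statement
# with properties; "kind" marks its role in a taint-style pattern.
NODES = {
    1: {"func": "main",  "code": "n = read_int()",       "kind": "source"},
    2: {"func": "main",  "code": "avg(total, n)",        "kind": "call"},
    3: {"func": "avg",   "code": "param count",          "kind": "param"},
    4: {"func": "avg",   "code": "total / count",        "kind": "sink"},
    5: {"func": "main",  "code": "m = read_int()",       "kind": "source"},
    6: {"func": "main",  "code": "m = nonzero_or(m, 1)", "kind": "sanitizer"},
    7: {"func": "main",  "code": "scale(m)",             "kind": "call"},
    8: {"func": "scale", "code": "param k",              "kind": "param"},
    9: {"func": "scale", "code": "1000 / k",             "kind": "sink"},
}
# DATA_DEP: value flows between statements of one function.
# CALL: an argument at a call site flows into the callee's parameter.
EDGES = [
    (1, 2, "DATA_DEP"), (2, 3, "CALL"), (3, 4, "DATA_DEP"),
    (5, 6, "DATA_DEP"), (6, 7, "DATA_DEP"), (7, 8, "CALL"), (8, 9, "DATA_DEP"),
]

def find_taint_paths(nodes, edges, follow=("DATA_DEP", "CALL")):
    """Return every source-to-sink path that does not cross a sanitizer."""
    succ = defaultdict(list)
    for src, dst, label in edges:
        if label in follow:
            succ[src].append(dst)
    findings = []

    def walk(node, path):
        kind = nodes[node]["kind"]
        if kind == "sanitizer":      # value is checked here: stop this path
            return
        if kind == "sink":           # unchecked value reaches the divisor
            findings.append(path)
            return
        for nxt in succ[node]:
            if nxt not in path:      # do not loop on cyclic dependencies
                walk(nxt, path + [nxt])

    for nid in sorted(nodes):
        if nodes[nid]["kind"] == "source":
            walk(nid, [nid])
    return findings

if __name__ == "__main__":
    for path in find_taint_paths(NODES, EDGES):
        print(" -> ".join(f"{NODES[n]['func']}: {NODES[n]['code']}" for n in path))
```

Restricting `follow` to `("DATA_DEP",)` drops the finding, which shows why the call edges are needed to track data across function boundaries.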