Research On Software Vulnerability Prediction Method Based On Deep Transfer Learning

Posted on: 2022-09-08 | Degree: Master | Type: Thesis
Country: China | Candidate: L Q Han
GTID: 2518306536496524 | Subject: Computer technology
Abstract/Summary:
Software vulnerability prediction can assist software development and maintenance and help ensure software quality. However, the abstract syntax tree (AST) generated from complex, large-scale vulnerable source code is itself complicated, which causes vanishing or exploding gradients when a tree-based neural network model is trained and reduces training efficiency; differences in the number of nodes across multi-way statement trees cause encoding problems; and a single classifier is not comprehensive enough to predict multiple categories of vulnerability data. This thesis addresses these problems.

First, for the problem of representing vulnerable source code as data, the DFS-AST statement segmentation algorithm is proposed. Using dynamic programming, the large-scale abstract syntax tree is decomposed into a series of statement subtrees, and nested statements are segmented according to defined rules. The original syntax tree structure is retained while the data scale is reduced and the data quality is improved.

Second, for the problem of characterizing vulnerable source code, a vulnerability characterization algorithm based on Word2Vec dynamic processing is proposed. Word2Vec maps semantically similar words to nearby positions in the vector space, and an RvNN-based statement encoder together with a dynamic batch processing algorithm recursively computes and optimizes the vector representation of all nodes. This solves the encoding problem and improves training efficiency while ensuring that sufficient semantic features of the vulnerability are extracted.

Third, for the multi-classification problem, the Multi-output DNN prediction model is proposed, designed around two stages: feature learning and classification prediction. The feature learning stage takes into account the general semantic features shared by different vulnerability categories and uses a bidirectional Gated Recurrent Unit (BiGRU) to capture the general structure and semantic information of the vulnerable source code. The classification prediction stage takes into account the differences between the vulnerability characteristics of different categories, constructs a vulnerability branch layer, and can extend and update the Multi-output DNN through transfer learning, improving the scalability and predictive performance of the model.

Finally, the thesis experimentally compares the Word2Vec dynamic processing algorithm with other methods, and compares the Multi-output DNN vulnerability prediction algorithm with a single DNN, machine learning algorithms, and relatively recent software vulnerability prediction algorithms to verify its effectiveness.
Keywords/Search Tags: software vulnerability prediction, abstract syntax tree, vulnerability representation, deep learning, transfer learning