Research On Software Buffer Overflow Vulnerability Detection Method Based On Deep Learning

With the wide use of software in our daily life,the problem of software security is gradually attracting people's attention.Among them,buffer overflow vulnerability is the most common and serious one in software security.Buffer overflow vulnerability can lead to a series of hazards such as unauthorized access,information theft,system breakdown and so on.In order to effectively detect buffer overflow vulnerabilities,this paper proposes a buffer overflow vulnerability detection method based on deep learning.The main work of this paper is as follows:Firstly,the paper studies the software buffer overflow vulnerability and constructs the abstract syntax tree for the suspicious code of buffer overflow vulnerability.Based on the suspicious code of buffer overflow vulnerability,a fuzzy location algorithm is proposed.Through the fuzzy location of the suspect code,the suspect code which may exist in the source code buffer overflow vulnerability is obtained and the suspect code block is constructed.Secondly,according to the code block obtained by the fuzzy location algorithm of the suspicious code,the key points of the buffer overflow vulnerability in the code block are analyzed.According to the different calling ways of the function at the key points of the vulnerability,the vulnerability program chip is constructed by different slicing methods,and the construction algorithm of the vulnerability program chip is proposed.Word2 vec technology is used to construct the semantic feature vector of the program chip,and the semantic feature vector construction algorithm based on vulnerability program chip is proposed.Again,build the buffer overflow vulnerabilities detection model,the test model adopted the Bi-LSTM network model as a classifier,solve the problem of the program semantic information can't two-way transfer,based on the vulnerability program piece of semantic feature vectors,and implements the buffer overflow vulnerabilities detection work,buffer overflow vulnerabilities detection results are obtained.Finally,buffer overflow vulnerabilities in C/C++ program testing experiment,first to verify the effectiveness of the suspicious code fuzzy localization algorithm,then validate the effectiveness of the method of building based on program slice feature vector,further on the Bi-LSTM neural network detection model parameter adjustment experiment,obtained an optimal classifier model,and compared with other classic algorithms classification model has carried on the contrast experiment,this thesis verified the buffer overflow vulnerabilities detection method based on the deep learning effectiveness.