
Research On LSTM-GRU-based Source Code Vulnerability Detection Method For Out-of-bounds Write

Posted on: 2022-06-23
Degree: Master
Type: Thesis
Country: China
Candidate: C F Li
Full Text: PDF
GTID: 2518306536996909
Subject: Software engineering
Abstract/Summary:
Out-of-bounds Write (CWE-787) is a vulnerability that can modify memory data outside the boundary of a buffer by modifying an index or performing pointer arithmetic. If a write operation is performed later, it will have serious consequences such as information leakage, equipment being charged, software crashes and even system crashes. In order to detect Out-of-bounds Write in more depth, this paper proposes a source code detection method for Out-of-bounds Write vulnerabilities based on LSTM-GRU. First, aiming at the problem of vulnerability metrics, an AST-based representation method for Out-of-bounds Write features is proposed by directly analyzing the source code of software vulnerabilities. Aiming at the expression of the lexer rules and parser rules of the AST, improved AST lexer and parser rules are built based on the common features of Out-of-bounds Write. Combining the improved rules with the Out-of-bounds Write text vector generation algorithm enhances the feature extraction of Out-of-bounds Write while preserving the grammatical structure of the source code, and yields the Out-of-bounds Write text vector stream. After that, the word embedding method is used to convert the Out-of-bounds Write text vector stream into the Out-of-bounds Write digital vector stream, which is in digital tensor form. Secondly, in view of the problem that traditional software vulnerability detection methods cannot obtain the contextual semantic information of source code, a natural language processing-based source code detection method for Out-of-bounds Write vulnerabilities is proposed. Integrating the LSTM and GRU networks with the maximum pooling method from natural language processing, an LSTM-GRU-based Out-of-bounds Write source code detection model is built, and contextual semantic information extraction and feature extraction of Out-of-bounds Write vulnerability source code are achieved, fulfilling the purpose of Out-of-bounds Write vulnerability detection. Finally, an Out-of-bounds Write vulnerability detection experiment was conducted on SARD's Out-of-bounds Write source code data set, which verified the effectiveness of the LSTM-GRU-based source code detection method in detecting Out-of-bounds Write.
Keywords/Search Tags:Out-of-bounds Write, Vulnerability detection, AST, Word embedding, NLP