
A System For Vulnerability Knowledge Graph Construction And Vulnerability Detection Based On Java Program

Posted on: 2022-04-25
Degree: Master
Type: Thesis
Country: China
Candidate: K Wang
GTID: 2518306572496984
Subject: Computer technology

Abstract/Summary:
As open source software becomes increasingly popular, more and more security personnel are engaged in open source software vulnerability detection. After long-term accumulation of experience, publicly available vulnerability information databases have appeared on the Internet one after another. On the one hand, the vulnerability information disclosed on the Internet is scattered and heterogeneous, and existing vulnerability databases cannot serve security research well; on the other hand, the hierarchy and semantic relationships of source code are complicated, and current vulnerability detection systems do not make full use of the semantics of source code vulnerability relationships to detect vulnerabilities. In response to these problems, a system for vulnerability knowledge graph construction and vulnerability detection based on Java programs is designed and implemented. First, to address the scattering of vulnerability information in a big data environment, the system automatically collects and processes multi-source vulnerability data, and can update and expand the data automatically. Then, in view of the incomplete information and lack of association in traditional vulnerability databases, a vulnerability knowledge graph based on multi-source vulnerability data is constructed to visually correlate scattered vulnerability information and reflect the relationships and dependencies between different data. Finally, based on the vulnerability knowledge system of the knowledge graph, the data flow and control flow of Java source code vulnerabilities are analyzed, taint analysis is used to detect vulnerabilities in the software itself, and software dependency analysis is combined to detect vulnerabilities in software dependencies that affect the software itself. A Java vulnerability detection system based on the knowledge graph is implemented. The performance of the knowledge graph system is tested through experiments, and the effectiveness of the vulnerability detection method is verified. The vulnerability knowledge graph contains millions of nodes and edges, covering more vulnerability information than NVD, BID and other existing vulnerability databases, with high query efficiency and good visualization. The vulnerability detection system can detect vulnerabilities in real Java software. The two methods, taint analysis vulnerability detection and software dependency vulnerability detection, detect software vulnerabilities from different dimensions, give the vulnerability impact path, and locate the specific vulnerable lines and methods.
Keywords/Search Tags: Knowledge graph, Vulnerability detection, Taint analysis, Software dependency