Research On Source Code Vulnerability Mining Technology Based On Layered Attention Network

With the continuous development of network technology,vulnerability mining technology is constantly updated.The emergence of new mining tools and technologies has played a positive role in promoting the development of security vulnerability mining technology.Undoubtedly,vulnerability mining technology will get rid of manual constraints and enter the automation era.However,from the current research situation,there are still the following problems: many existing technical research only stays at the level above the source code to conduct vulnerability mining,This also implies that it’s difficult to gain a deeper understanding of the semantic information present in the source code,which in turn hinders the ability to effectively interpret and utilize the results of vulnerability mining.;Not only that,in the process of program processing,many current processing methods still have some defects and lack of more complete schemes,which leads to a lot of data redundancy and extra computational overhead.For example,it can be treated as a text language,or it can be dynamically analyzed to extract the program property map.To address the limitations of current methods,the present study introduces a novel approach for mining vulnerabilities in program source code.This approach is based on hierarchical attention network technology,which allows for fine-grained vulnerability mining that is both interpretable and effective.The primary objectives of this research are as follows:First of all,for the preprocessing of data source code in vulnerability mining,the method based on abstract syntax tree is used to convert the program source code into the corresponding vector representation,further retaining the semantic information of the source code,and reducing the overhead of data processing.The abstract syntax tree is traversed,the function node information is extracted,and it is mapped to a fixed name for training the word embedding model,and finally the data is extracted and rearranged to obtain a hierarchical vector representation.By using the abstract syntax tree,the program structure can be efficiently analyzed,and the encoding can be easily reconstructed,ensuring the semantic information integrity of the data.Second,based on the program source code,a hierarchical attention network layer and a gated recurrent network are used in the construction of the model.After vectorizing the program code layered sequence,the data is input into the model for learning and training,and the variable-length vector data in the two-level loop neural network layer uses the method of packing and filling to completely retain the semantic information of the data sequence,to reduce data loss caused by data truncation,thereby reducing computing resource overhead and memory usage.The model is divided into word level and sentence level.Attention mechanism and gating loop are added to the two levels respectively,so as to not only realize the extraction of data features and management of sequence data,but also distinguish the weights of different sequence codes through the attention mechanism,so as to distinguish the key characteristics of the vulnerability through the importance analysis of the weight,so as to strengthen the interpretability of this model and further provide assistance to the vulnerability mining technology in the actual application process.Finally,the paper applies the model on two currently representative datasets and visualizes the vulnerability weights.The test results show that this model is superior to other cases listed in this paper in terms of processing efficiency and interpretability of vulnerability weights.