Chinese Journal of Network and Information Security ›› 2021, Vol. 7 ›› Issue (5): 113-122. doi: 10.11959/j.issn.2096-109x.2021088

• Academic Paper •

Intelligent vulnerability detection system based on graph-structured source code slices

Deqing ZOU1, Xiang LI2, Minhuan HUANG2, Xiang SONG3, Hao LI3, Weiming LI4

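  1. 1 School of Cyber Science and Engineering, Huazhong University of Science and Technology, Wuhan 430074, Hubei, China
    2 National Key Laboratory of Science and Technology on Information System Security, Beijing 100101, China
    3 School of Software Engineering, Huazhong University of Science and Technology, Wuhan 430074, Hubei, China
    4 Network and Computation Center, Huazhong University of Science and Technology, Wuhan 430074, Hubei, China
  • Revised: 2021-09-10 Online: 2021-10-01 Published: 2021-10-01
  • About the authors: Deqing ZOU (1975− ), male, born in Liuyang, Hunan; professor and doctoral supervisor at Huazhong University of Science and Technology; main research interests: system and software security, cloud computing security
    Xiang LI (1983− ), female, born in Zhuozhou, Hebei; senior engineer at the National Key Laboratory of Science and Technology on Information System Security; main research interests: software vulnerability analysis, malicious code detection
    Minhuan HUANG (1971− ), male, born in Wanzai, Jiangxi; research fellow at the National Key Laboratory of Science and Technology on Information System Security; main research interests: automated vulnerability analysis, network security assessment and verification
    Xiang SONG (1996− ), male, born in Xinxiang, Henan; master's student at Huazhong University of Science and Technology; main research interest: network security
    Hao LI (1995− ), male, born in Zhumadian, Henan; master's student at Huazhong University of Science and Technology; main research interest: network security
    Weiming LI (1975− ), male, born in Zhuzhou, Hunan; associate professor at Huazhong University of Science and Technology; main research interest: network security
  • Supported by:
    The National Natural Science Foundation of China (U1936211)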

Intelligent vulnerability detection system based on graph structured source code slice

Deqing ZOU1, Xiang LI2, Minhuan HUANG2, Xiang SONG3, Hao LI3, Weiming LI4   

  1. 1 School of Cyber Science and Engineering, Huazhong University of Science and Technology, Wuhan 430074, China
    2 National Key Laboratory of Science and Technology on Information System Security, Beijing 100101, China
    3 School of Software Engineering, Huazhong University of Science and Technology, Wuhan 430074, China
    4 Network and Computation Center, Huazhong University of Science and Technology, Wuhan 430074, China
  • Revised: 2021-09-10 Online: 2021-10-01 Published: 2021-10-01
  • Supported by:
    The National Natural Science Foundation of China (U1936211)

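Abstract:

For intelligent vulnerability detection, graph-structured source code slices are extracted from the program dependency graph of the source code according to vulnerability characteristics; the graph-structured slice information is then represented and fed to a graph neural network model to perform vulnerability detection. Vulnerability detection is achieved at the slice level, and the position of the vulnerable line is predicted at the code-line level. To verify the effectiveness of the system, it is compared with static vulnerability detection systems, with a vulnerability detection system based on serialized text information, and with a vulnerability detection system based on graph-structured information. The experimental results show that the proposed system has high accuracy in vulnerability detection and performs well in predicting vulnerable code lines.

Keywords: vulnerability detection, graph structure, code slice, deep learning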

Abstract:

For intelligent vulnerability detection, the system extracts graph-structured source code slices from the program dependency graph of the source code according to vulnerability characteristics, represents the graph-structured slice information, and then uses a graph neural network model to carry out vulnerability detection. Vulnerability detection is realized at the slice level, and the vulnerable line is located at the code-line level. To verify the effectiveness of the system, it is compared with static vulnerability detection systems, a vulnerability detection system based on serialized text information, and a vulnerability detection system based on graph-structured information. The experimental results show that the proposed system achieves high accuracy in vulnerability detection and good performance in predicting vulnerable code lines.

Key words: vulnerability detection, graph structure, code slice, deep learning
