Journal on Communications ›› 2021, Vol. 42 ›› Issue (11): 233-241. doi: 10.11959/j.issn.1000-436x.2021196

• Correspondences •

Dual-granularity lightweight model for vulnerability code slicing method assessment

Bing ZHANG1,2, Zheng WEN1,2, Yuxuan ZHAO1, Ning WANG1, Jiadong REN1,2   

  1. School of Information Science and Engineering, Yanshan University, Qinhuangdao 066004, China
  2. Key Laboratory of Software Engineering of Hebei Province, Qinhuangdao 066004, China
  • Revised: 2021-09-23 Online: 2021-11-25 Published: 2021-11-01
  • Supported by:
    The National Natural Science Foundation of China (61802332); The National Natural Science Foundation of China (61807028); The National Natural Science Foundation of China (61772449); The Doctoral Foundation Program of Yanshan University (BL18012)

Abstract:

To address the problems in current assessments of vulnerability code slicing methods, such as incomplete extraction of slicing information, high model complexity, poor generalization ability, and the lack of feedback in the evaluation process, a dual-granularity lightweight vulnerability code slicing evaluation (VCSE) model was proposed. For code snippets, a lightweight fusion model of TF-IDF and N-gram was constructed, which efficiently bypassed the out-of-vocabulary (OOV) problem, and the semantic and statistical features of code slices were extracted at the dual granularity of words and characters. A heterogeneous integrated classifier with high accuracy and generalization performance was designed for vulnerability prediction and analysis. The experimental results show that the evaluation effect of the lightweight VCSE is clearly better than that of the deep learning models currently in wide use.

Key words: code slicing, vulnerability prediction, out of vocabulary, lightweight, assessment method
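
The following added example (not code from the paper or its authors) sketches why extracting TF-IDF features at both word and character granularity sidesteps the OOV problem described in the abstract: an identifier never seen in training activates no word-level feature but still activates character n-gram features. The sample slices, the 3-gram size, the names `SliceTfidf`, `dual_granularity_features` and `nonzero_features`, and fusion by simple concatenation are all assumptions made for illustration; the classifier stage is not shown.

```python
import math
import re
from collections import Counter

# Constructed sample slices for illustration; not taken from the paper's dataset.
TRAIN_SLICES = [
    "char buf[10]; strcpy(buf, src);",
    "char dst[64]; strncpy(dst, src, sizeof(dst) - 1);",
    "int n = atoi(arg); memcpy(out, in, n);",
]

def word_tokens(code):
    """Word granularity: identifiers, numbers, single punctuation marks."""
    return re.findall(r"[A-Za-z_]\w*|\d+|\S", code)

def char_ngrams(code, n=3):
    """Character granularity: overlapping n-grams of whitespace-normalised text."""
    text = " ".join(code.split())
    return [text[i:i + n] for i in range(len(text) - n + 1)]

class SliceTfidf:
    """Minimal TF-IDF (smoothed IDF, L2-normalised); unseen terms are dropped."""
    def __init__(self, analyzer):
        self.analyzer = analyzer

    def fit(self, docs):
        df = Counter(t for d in docs for t in set(self.analyzer(d)))
        self.vocab = {t: i for i, t in enumerate(sorted(df))}
        self.idf = {t: math.log((1 + len(docs)) / (1 + c)) + 1 for t, c in df.items()}
        return self

    def transform(self, doc):
        vec = [0.0] * len(self.vocab)
        for t, c in Counter(self.analyzer(doc)).items():
            if t in self.vocab:
                vec[self.vocab[t]] = c * self.idf[t]
        norm = math.sqrt(sum(v * v for v in vec)) or 1.0
        return [v / norm for v in vec]

WORD_VEC = SliceTfidf(word_tokens).fit(TRAIN_SLICES)
CHAR_VEC = SliceTfidf(char_ngrams).fit(TRAIN_SLICES)

def dual_granularity_features(code):
    """Assumed fusion: concatenate word-level and character-level vectors."""
    return WORD_VEC.transform(code) + CHAR_VEC.transform(code)

def nonzero_features(vectorizer, text):
    """How many features a piece of text activates in one vectoriser."""
    return sum(1 for v in vectorizer.transform(text) if v > 0)
```

Here `strcat` is out of vocabulary at word level, yet its character 3-grams `str` and `trc` overlap with the `strcpy` slice seen in training, so the fused vector still carries signal for it.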
