基于图结构源代码切片的智能化漏洞检测系统

doi:10.11959/j.issn.2096-109x.2021088

Abstract

Abstract:

For the intelligent vulnerability detection, the system extracts the graph structured source code slices according to the vulnerability characteristics from the program dependency graph of source code, and then presents the graph structured slice information to carry out vulnerability detection by using the graph neural network model.Slice level vulnerability detection was realized and the vulnerability line was located at the code line level.In order to verify the effectiveness of the system, compared with the static vulnerability detection systems, the vulnerability detection system based on serialized text information, and the vulnerability detection system based on graph structured information, the experimental results show that the proposed system has a high accuracy in the vulnerability detection capability and a good performance in the vulnerability code line prediction.

Key words: vulnerability detection, graph structure, code slice, deep learning

CLC Number:

TP393

Deqing ZOU, Xiang LI, Minhuan HUANG, Xiang SONG, Hao LI, Weiming LI. Intelligent vulnerability detection system based on graph structured source code slice[J]. Chinese Journal of Network and Information Security, 2021, 7(5): 113-122.

Figures/Tables 7

References 21

[1]	李韵, 黄辰林, 王中锋 ,等. 基于机器学习的软件漏洞挖掘方法综述[J]. 软件学报, 2020,31(7): 2040-2061.
	LI Y , HUANG C L , WANG Z F ,et al. Survey of software vulnerability mining methods based on machine learning[J]. Journal of Software, 2020,31(7): 2040-2061.
[2]	陈肇炫, 邹德清, 李珍 ,等. 基于抽象语法树的智能化漏洞检测系统[J]. 信息安全学报, 2020,5(4): 1-13.
	CHEN Z X , ZOU D Q , LI Z ,et al. Intelligent vulnerability detection system based on abstract syntax tree[J]. Journal of Cyber Security, 2020,5(4): 1-13.
[3]	LI Z , ZOU D Q , XU S H ,et al. VulDeePecker:a deep learning-based system for vulnerability detection[C]// The Network and Distributed System Security Symposium. 2018.
[4]	XIAO Y , CHEN B H , YU C D ,et al. MVP:Detecting vulnerabilities using patch-enhanced vulnerability signatures[C]// USENIX Security Symposium. 2018.
[5]	GUSTAVO G , GUILLERMO L G , UZAL L ,et al. Toward large-scale vulnerability discovery using machine learning[C]// The 6th ACM on Conference on Data and Application Security and Privacy (CODASPY'16). 2016: 85-96.
[6]	STEPHAN N , THOMAS Z , CHRISTIAN H ,et al. Predicting vulnerable software components[C]// 2007 ACM Conference on Computer and Communications Security (CCS'07). 2007: 529-540.
[7]	FABIAN Y , MARKUS L , KONRAD R . Generalized vulnerability extrapolation using abstract syntax trees[C]// The 28th Annual Computer Security Applications Conference. 2012: 359-368.
[8]	FABIAN Y , ALWIN M , HUGO G ,et al. Automatic inference of search patterns for taint-style vulnerabilities[C]// IEEE Symposium on Security and Privacy (S＆P'15). 2015: 797-812.
[9]	ZOU D Q , WANG S J , XU S H ,et al. ?VulDeePecker:a deep learning-based system for multiclass vulnerability detection[J]. IEEE Transactions on Dependable and Secure Computing, 2021,15(5): 2224-2236.
[10]	LI Z , ZOU D Q , XU S H ,et al. VulDeeLocator:a deep learning-based fine-grained vulnerability detector[J]. IEEE Transactions on Dependable and Secure Computing, 2021.
[11]	LI Z , ZOU D Q , XU S H ,et al. SySeVR:a Framework for using deep learning to detect software vulnerabilities[J]. IEEE Transactions on Dependable and Secure Computing, 2021.
[12]	LIN G J , XIAO W , ZHANG J ,et al. Deep Learning-based vulnerable function detection:a benchmark[C]// The 21st International Conference on Information and Communications Security. 2019: 219-232.
[13]	LIN G J , ZHANG J , LUO W ,et al. POSTER:vulnerability discovery with function representation learning from unlabeled projects[C]// ACM SIGSAC Conference on Computer and Communications Security. 2017: 2539-2541.
[14]	LIN G J , ZHANG J , LUO W ,et al. Cross-project transfer representation learning for vulnerable function discovery[J]. IEEE Trans Industrial Informatics, 2018,14(7): 329-3297.
[15]	LIU S G , LIN G J , QU L Z ,et al. CD-VulD:cross-domain vulnerability discovery based on deep domain adaptation[J]. IEEE Transactions on Dependable and Secure Computing, 2020.
[16]	VAN N , TRUNG L , TUE L ,et al. Deep domain adaptation for vulnerable code function identification[C]// International Joint Conference on Neural Networks. 2019: 1-8.
[17]	REBECCA , LOUISK , LEI H , ET A L . Automated vulnerability detection in source code using deep representation learning[C]// The 17th IEEE International Conference on Machine Learning and Applications(ICMLA). 2018: 757-762.
[18]	TIM S , . Machine-learning supported vulnerability detection in source code[C]// The 27th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering(ESEC/FSE). 2019: 1180-1183.
[19]	WANG H T , YE G X , TANG Z Y ,et al. Combining graph-based learning with automated data collection for code vulnerability detection[J]. IEEE Transactions on Dependable and Secure Computing. 2020.
[20]	DUAN X , WU H , JI S L ,et al. VulSniper:focus your attention to shoot fine-grained vulnerabilities[C]// The 28th International Joint Conference on Artificial Intelligence. 2019: 4665-4671.
[21]	ZHOU Y Q , LIU S Q , SIOW J ,et al. Devign:effective vulnerability identification by learning comprehensive program semantics via graph neural networks[C]// Annual Conference on Neural Information Processing Systems(NeurIPS). 2019: 10197-10207.

Metrics

Recommended 0

No Suggested Reading articles found!

池化比率	P	R	F1	IoU	\|V\|
0.50	91.7%	85.4%	88.4%	12.3%	2.2
0.60	93.2%	84.8%	88.8%	13.1%	3.7
0.65	92.8%	86.8%	89.7%	13.4%	4.7
0.70	89.2%	89.4%	89.3%	12.5%	5.5
0.80	93.7%	85.4%	89.4%	11.3%	8.1

检测系统	P	R	F1	IoU	\|V\|
SySeVR系统	84.6%	94.5%	89.3%	7.9%	13.3%
本文系统	92.8%	86.8%	89.7%	13.4%	4.7%

检测系统	P	R	F1
Devign系统	36.1%	100.0%	53.1%
本文系统	92.8%	86.8%	89.7%

检测系统	P	R	F1
RATS系统	12.8%	14.7%	13.7%
Flawfinder系统	22.8%	29.6%	25.7%
Checkmarx系统	30.9%	43.2%	36.1%
本文系统	92.8%	86.8%	89.7%

Intelligent vulnerability detection system based on graph structured source code slice

RichHTML

PDF下载

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 7

References 21

Related Articles 15

Metrics

Recommended 0

[1]	Xiaomeng LI, Daidou GUO, Xunfang ZHUO, Heng YAO, Chuan QIN. Carrier-independent screen-shooting resistant watermarking based on information overlay superimposition [J]. Chinese Journal of Network and Information Security, 2023, 9(3): 135-149.
[2]	Rongna XIE, Zhuhong MA, Zongyu LI, Ye TIAN. Encrypted traffic classification method based on convolutional neural network [J]. Chinese Journal of Network and Information Security, 2022, 8(6): 84-91.
[3]	Dengyong ZHANG, Huang WEN, Feng LI, Peng CAO, Lingyun XIANG, Gaobo YANG, Xiangling DING. Image inpainting forensics method based on dual branch network [J]. Chinese Journal of Network and Information Security, 2022, 8(6): 110-122.
[4]	Jiaying LIN, Wenbo ZHOU, Weiming ZHANG, Nenghai YU. Lip forgery detection via spatial-frequency domain combination [J]. Chinese Journal of Network and Information Security, 2022, 8(6): 146-155.
[5]	Chao MU, Xin WANG, Ming YANG, Heng ZHANG, Zhenya CHEN, Xiaoming WU. Hardcoded vulnerability detection approach for IoT device firmware [J]. Chinese Journal of Network and Information Security, 2022, 8(5): 98-110.
[6]	Jinyin CHEN, Changan WU, Haibin ZHENG. Novel defense based on softmax activation transformation [J]. Chinese Journal of Network and Information Security, 2022, 8(2): 48-63.
[7]	Baolin QIU, Ping YI. Adversarial examples defense method based on multi-dimensional feature maps knowledge distillation [J]. Chinese Journal of Network and Information Security, 2022, 8(2): 88-99.
[8]	Cheng HUANG, Mingxu SUN, Renyu DUAN, Susheng WU, Bin CHEN. Vulnerability identification technology research based on project version difference [J]. Chinese Journal of Network and Information Security, 2022, 8(1): 52-62.
[9]	Lijuan LI, Man LI, Hongjun BI, Huachun ZHOU. Multi-type low-rate DDoS attack detection method based on hybrid deep learning [J]. Chinese Journal of Network and Information Security, 2022, 8(1): 73-85.
[10]	Zhongyuan QIN, Zhaoxiang HE, Tao LI, Liquan CHEN. Adversarial example defense algorithm for MNIST based on image reconstruction [J]. Chinese Journal of Network and Information Security, 2022, 8(1): 86-94.
[11]	Zhenglong WANG, Baowen ZHANG. Survey of generative adversarial network [J]. Chinese Journal of Network and Information Security, 2021, 7(4): 68-85.
[12]	Binglong LI, Jinlong TONG, Yu ZHANG, Yifeng SUN, Qingxian WANG, Chaowen CHANG. Auto forensic detecting algorithms of malicious code fragment based on TensorFlow [J]. Chinese Journal of Network and Information Security, 2021, 7(4): 154-163.
[13]	Hao CHEN, Ping YI. Code vulnerability detection method based on graph neural network [J]. Chinese Journal of Network and Information Security, 2021, 7(3): 37-45.
[14]	Qingyin TAN, Yingming ZENG, Ye HAN, Yijing LIU, Zheli LIU. Survey on backdoor attacks targeted on neural network [J]. Chinese Journal of Network and Information Security, 2021, 7(3): 46-58.
[15]	Luhui YANG,Huiwen BAI,Guangjie LIU,Yuewei DAI. Lightweight malicious domain name detection model based on separable convolution [J]. Chinese Journal of Network and Information Security, 2020, 6(6): 112-120.