计算机科学
邻接矩阵
源代码
图形
财产(哲学)
编码(集合论)
功能(生物学)
理论计算机科学
人工智能
脆弱性(计算)
脆弱性评估
机器学习
数据挖掘
计算机安全
程序设计语言
哲学
集合(抽象数据类型)
认识论
进化生物学
生物
心理学
心理弹性
心理治疗师
作者
Haojie Zhang,Yujun Li,Yiwei Liu,Nan-Xin Zhou
标识
DOI:10.1109/iccwamtip53232.2021.9674145
摘要
As the number of vulnerabilities continues to rise, security incidents triggered by vulnerabilities emerge endlessly. Current vulnerability detection methods still have some problems, such as detecting only a single function, relying heavily on expert knowledge, and being unable to achieve automation. According to the observation of the Juliet dataset, we find vulnerability exists not only within the single function but also between the called function and the calling function. Meanwhile, there are some differences between vulnerable functions and non-vulnerable functions in the code property graph. Therefore, this article proposes a vulnerability detection solution named VULMG, which converts vulnerability detection into the graph classification problem. VULMG includes a vectorization component named VecG and a deep learning classification model named MGGAT. Based on the code property graph, VecG extracts the lexical, grammatical, and semantic information of the source code as a feature matrix and extracts information such as structure, control, and dependence as three adjacency matrices. MGGAT is a deep learning model based on the graph attention network, which is used for graph classification. Besides, VULMG uses the FCG to associate the calling function with the called function so that it can detect the cross-function vulnerabilities. We selected CWE369 and CWE476 from the Juliet dataset for testing, and the F1 scores were 94.43% and 96.3%. The evaluation results indicate that VULMG outperforms Flawfinder, RATS, BiLSTM, SVM, and GCN, which verifies the effectiveness of the proposed solution.
科研通智能强力驱动
Strongly Powered by AbleSci AI