Software Vulnerability Mining and Analysis Based on Deep Learning
作者机构:State Key Laboratory of Mathematical Engineering and Advanced ComputingZhengzhou450001China
出 版 物:《Computers, Materials & Continua》 (计算机、材料和连续体(英文))
年 卷 期:2024年第80卷第8期
页 面:3263-3287页
核心收录:
学科分类:08[工学] 0812[工学-计算机科学与技术(可授工学、理学学位)]
主 题:Vulnerability mining software security deep learning static analysis
摘 要:In recent years,the rapid development of computer software has led to numerous security problems,particularly software *** flaws can cause significant harm to users’privacy and *** security defect detection technology relies on manual or professional reasoning,leading to missed detection and high false detection *** intelligence technology has led to the development of neural network models based on machine learning or deep learning to intelligently mine holes,reducing missed alarms and false ***,this project aims to study Java source code defect detection methods for defects like null pointer reference exception,XSS(Transform),and Structured Query Language(SQL)***,the project uses open-source Javalang to translate the Java source code,conducts a deep search on the AST to obtain the empty syntax feature library,and converts the Java source code into a dependency *** feature vector is then used as the learning target for the neural *** types of Convolutional Neural Networks(CNN),Long Short-Term Memory(LSTM),Bi-directional Long Short-Term Memory(BiLSTM),and Attention Mechanism+Bidirectional LSTM,are used to investigate various code defects,including blank pointer reference exception,XSS,and SQL injection *** results show that the attention mechanism in two-dimensional BLSTM is the most effective for object recognition,verifying the correctness of the method.