Feature dependence graph based source code loophole detection method
Given the problem that the existing source code loophole detection methods did not explicitly maintain the semantic information related to the loophole in the source code, which led to the difficulty of feature extraction of loophole statements and the high false positive rate of loophole detection...
Main Authors: | Hongyu YANG, Haiyun YANG, Liang ZHANG, Xiang CHENG |
---|---|
Format: | Article |
Language: | zho |
Published: | Editorial Department of Journal on Communications, 2023-01-01 |
Series: | Tongxin xuebao |
Subjects: | |
Online Access: | http://www.joconline.com.cn/zh/article/doi/10.11959/j.issn.1000-436x.2023018/ |
_version_ | 1841540023431725056 |
---|---|
author | Hongyu YANG, Haiyun YANG, Liang ZHANG, Xiang CHENG |
collection | DOAJ |
description | Existing source code loophole detection methods do not explicitly maintain the semantic information related to the loophole in the source code, which makes feature extraction of loophole statements difficult and leads to a high false positive rate of loophole detection. To address this problem, a source code loophole detection method based on a feature dependency graph was proposed. First, the candidate loophole statements in the function slice were extracted, and the feature dependency graph was generated by analyzing the control dependency chain and data dependency chain of the candidate loophole statements. Secondly, the word vector model was used to generate the initial node representation vector of the feature dependency graph. Finally, a loophole detection neural network oriented to the feature dependency graph was constructed, in which the graph learning network learned the heterogeneous neighbor node information of the feature dependency graph and the detection network extracted global features and performed loophole detection. The experimental results show that the recall rate and F1 score of the proposed method are improved by 1.50%~22.32% and 1.86%~16.69% respectively, which is superior to the existing method. |
id | doaj-art-235816f98d4d4f1bb426d4d8093bf8da |
institution | Kabale University |
issn | 1000-436X |
topic | source code; loophole detection; semantic information; dependence graph; neural network |