mVulSniffer: a multi-type source code vulnerability sniffer method

Bibliographic Details
Main Authors: Xuejun ZHANG, Fenghe ZHANG, Jiyang GAI, Xiaogang DU, Wenjie ZHOU, Teli CAI, Bo ZHAO
Format: Article
Language: zho
Published: Editorial Department of Journal on Communications 2023-09-01
Series: Tongxin xuebao
Online Access: http://www.joconline.com.cn/zh/article/doi/10.11959/j.issn.1000-436x.2023184/
Description
Summary: Given the problem that the code slices used by existing deep learning-based vulnerability sniffer methods could not comprehensively encompass the subtle characteristics between vulnerability classes, and that a single deep learning sniffer model had insufficient ability to learn long context-dependent information between cross-file and cross-function code statements, a multi-type source code vulnerability sniffer method was proposed. Firstly, fine-grained two-level slices containing the types of vulnerabilities were extracted based on the control dependency and data dependency information in the program dependency graph. Secondly, the two-level slices were transformed into initial feature vectors. Finally, a fusion model of deep learning vulnerability sniffers suitable for two-level slices was constructed to achieve accurate vulnerability detection of multi-type source code. The experimental results on multiple synthetic datasets and two real datasets show that the proposed method outperforms the existing multi-type source code vulnerability sniffer methods.
ISSN: 1000-436X