Source code vulnerability detection method based on feature dependence graph (times cited: 3)

Feature dependence graph based source code loophole detection method
Abstract: Existing source code vulnerability detection methods do not explicitly maintain the vulnerability-related semantic information in source code, which makes the features of vulnerable statements hard to extract and leads to a high false positive rate. To address this problem, a source code vulnerability detection method based on a feature dependence graph is proposed. First, candidate vulnerability statements are extracted from function slices, and a feature dependence graph is generated by analyzing the control dependence chains and data dependence chains of those statements. Second, a word vector model is used to generate the initial representation vectors of the nodes of the feature dependence graph. Finally, a vulnerability detection neural network oriented to the feature dependence graph is constructed, in which a graph learning network learns the heterogeneous neighbor node information of the feature dependence graph and a detection network extracts global features and performs vulnerability detection. The experimental results show that the recall and F1 score of the proposed method are improved by 1.50%~22.32% and 1.86%~16.69% respectively, outperforming existing methods.
Authors: YANG Hongyu; YANG Haiyun; ZHANG Liang; CHENG Xiang (School of Safety Science and Engineering, Civil Aviation University of China, Tianjin 300300, China; School of Computer Science and Technology, Civil Aviation University of China, Tianjin 300300, China; School of Information, University of Arizona, Tucson, AZ 85721, USA; School of Information Engineering, Yangzhou University, Yangzhou 225127, China; Jiangsu Engineering Research Center for Knowledge Management and Intelligent Service, Yangzhou 225127, China)
Source: Journal on Communications (通信学报); indexed in EI, CSCD and the Peking University Core Journals list; 2023, No. 1, pp. 103-117 (15 pages)
Funding: National Natural Science Foundation of China (No. U1833107).
Keywords: source code; vulnerability detection; semantic information; dependence graph; neural network