Code vulnerability static detection method based on graph representation and MHGAT (cited by: 1)
Abstract: To address the difficulty existing static analysis techniques have in detecting software security vulnerabilities promptly and accurately, a static code vulnerability detection method based on graph representation and a multi-head graph attention network (MHGAT) is proposed. First, vulnerable code snippets are extracted from the system dependency graph of the source code by program slicing; an adjacency matrix describing the connections between statements is built from the system dependency graph, and an embedding algorithm produces the feature matrix of each code snippet. Then, the adjacency matrices and feature matrices of multiple code snippets are concatenated in the form of disjoint graphs. Finally, multiple convolution-pooling basic blocks extract features of the code graph data at different levels, and a jumping knowledge network integrates the outputs of the basic blocks. Experimental results show that, compared with other vulnerability detection methods, the proposed method effectively improves the efficiency and effectiveness of vulnerability detection through improvements in data representation and in the algorithm.
Authors: CHENG Jingyun; WANG Buhong; LUO Peng (College of Information and Navigation, Air Force Engineering University, Xi'an 710077, China)
Source: Systems Engineering and Electronics, 2023, No. 5, pp. 1535-1543 (9 pages). Indexed in EI, CSCD and the Peking University Core Journals list.
Funding: Supported by the National Natural Science Foundation of China (60831001) and the National Defense Foundation (9140A31010109HK0101).
Keywords: vulnerability detection; program slicing; graph representation learning; graph attention network; multi-head self-attention