Abstract
Existing methods for predicting security vulnerabilities in open-source software have low recall and low prediction precision, and their results fall short of expectations. This article studies a deep-learning-based method for predicting security vulnerabilities in open-source software. First, vulnerability descriptions are converted into word vectors. Next, abstract semantic features of vulnerabilities are learned from the word vectors and adapted to the data distributions of open-source software projects and security projects. Finally, transfer learning of vulnerability features is achieved. In this process, the article uses the sigma criterion to complete the missing data, in order to identify and remove abnormal data points. It adopts a multi-task learning method, sharing the hidden-layer feature representations among all tasks and using specific classifiers for vulnerability prediction. The experimental results show that this method performs well in terms of recall and prediction precision, and can learn vulnerability information more comprehensively and achieve good classification results.
Author
刘亚鹏
LIU Yapeng (Henan Economy & Trade Technician College, Xinxiang, Henan 453000, China)
Source
《计算机应用文摘》
2024, Issue 11, pp. 110-112 (3 pages)
Chinese Journal of Computer Application
Keywords
deep learning
open source software
security vulnerabilities
prediction