期刊文献+
共找到1篇文章
< 1 >
每页显示 20 50 100
Graph neural network based approach Che upo to automatically assigning common weakness enumeration identifiers for vulnerabilities
1
作者 Peng Liu Wenzhe Ye +4 位作者 Haiying Duan Xianxian Li Shuyi Zhang chuanjian yao Yongnan Li 《Cybersecurity》 EI CSCD 2024年第3期1-15,共15页
Vulnerability reports are essential for improving software security since they record key information on vulnerabilities.In a report,CWE denotes the weakness of the vulnerability and thus helps quickly understand the ... Vulnerability reports are essential for improving software security since they record key information on vulnerabilities.In a report,CWE denotes the weakness of the vulnerability and thus helps quickly understand the cause of the vulner-ability.Therefore,CWE assignment is useful for categorizing newly discovered vulnerabilities.In this paper,we propose an automatic CwE assignment method with graph neural networks.First,we prepare a dataset that contains 3394 real world vulnerabilities from Linux,OpenSSL,Wireshark and many other software programs.Then,we extract state-ments with vulnerability syntax features from these vulnerabilities and use program slicing to slice them according to the categories of syntax features.On top of slices,we represent these slices with graphs that characterize the data dependency and control dependency between statements.Finally,we employ the graph neural networks to learn the hidden information from these graphs and leverage the Siamese network to compute the similarity between vulnerability functions,thereby assigning CWE IDs for these vulnerabilities.The experimental results show that the proposed method is effective compared to existing methods. 展开更多
关键词 Vulnerability categorization CWE Graph representation GNN
原文传递
上一页 1 下一页 到第
使用帮助 返回顶部