Computer Engineering and Applications (计算机工程与应用) ›› 2023, Vol. 59 ›› Issue (22): 293-299. DOI: 10.3778/j.issn.1002-8331.2207-0361

• Network, Communication and Security •

Source Code Vulnerability Detection Based on Residual Gated Graph Convolutional Networks

ZHANG Jun, LI Shanshan, LI Lei, WANG Haoyu

  1. Hubei Provincial Key Laboratory of Intelligent Robots, Wuhan Institute of Technology, Wuhan 430205, China
  • Online: 2023-11-15 Published: 2023-11-15

Source Code Vulnerability Detection Based on Residual Gated Graph Convolutional Networks

ZHANG Jun, LI Shanshan, LI Lei, WANG Haoyu   

  1. Hubei Provincial Key Laboratory of Intelligent Robots, Wuhan Institute of Technology, Wuhan 430205, China
  • Online:2023-11-15 Published:2023-11-15

Abstract: Software vulnerabilities are a major contributing factor in network security incidents. To address the high false positive and false negative rates of existing static code analysis tools, this paper proposes an automated vulnerability detection method based on residual gated graph convolutional networks. The source code is first converted into code graph data that carries both semantic and syntactic feature information; a residual gated graph convolutional neural network then performs representation learning on the graph-structured data; finally, a neural network model is trained to predict code vulnerabilities, yielding automatic vulnerability detection for C/C++ function code. The method is validated on the VDISC dataset, where the F1 score for the CWE-119 vulnerability type reaches 76.60%, an improvement of 9.46, 7.24, 5.67 and 8.42 percentage points respectively over the baseline methods, demonstrating that the proposed method effectively improves vulnerability detection capability.

Key words: graph convolutional networks, vulnerability detection, deep learning

Abstract: Software vulnerabilities are an important factor leading to network security incidents. To address the high false positive and false negative rates of existing static code analysis tools, an automated vulnerability detection method based on residual gated graph convolutional networks is proposed. First, the source code is converted into code graph data containing semantic and syntactic feature information; then a residual gated graph convolutional neural network is used to learn a representation of the graph-structured data; finally, a neural network model is trained to predict code vulnerabilities, enabling automatic vulnerability detection for C/C++ function code. The method is validated on the VDISC dataset: the F1 score for the CWE-119 vulnerability type reaches 76.60%, an improvement of 9.46, 7.24, 5.67 and 8.42 percentage points respectively over the baseline methods, showing that the proposed method effectively improves vulnerability detection capability.

Key words: graph convolutional networks, vulnerability detection, deep learning
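To make the "residual gated graph convolution" step of the abstract concrete, the following is an added illustration (not code from the paper, whose exact layer definition is not given on this page): a single GatedGCN-style layer with edge gates and a residual connection, applied to a constructed four-node code graph with AST and data-flow edges. The layer equations, the toy graph, the feature width and the weight initialisation are all assumptions made for the example.

```python
import numpy as np

def sigmoid(x):
    return 1.0 / (1.0 + np.exp(-x))

def residual_gated_gcn_layer(h, e, edges, p, eps=1e-6):
    """One residual gated graph convolution layer (GatedGCN-style; assumed).

    h: (N, d) node features, e: (M, d) edge features; edges[k] = (i, j) means
    node i receives a message from node j along edge k.
      gate_ij = sigmoid(A h_i + B h_j + C e_ij)
      h_i'    = h_i + relu(U h_i + sum_j gate_ij * V h_j / sum_j gate_ij)
    The leading h_i is the residual path: with all weights zero the layer is
    the identity, which is what keeps deep stacks trainable.
    """
    n, d = h.shape
    gates = np.zeros((len(edges), d))
    agg = np.zeros((n, d))
    norm = np.full((n, d), eps)  # eps avoids 0/0 at nodes with no incoming edge
    for k, (i, j) in enumerate(edges):
        gates[k] = sigmoid(h[i] @ p["A"] + h[j] @ p["B"] + e[k] @ p["C"])
        agg[i] += gates[k] * (h[j] @ p["V"])
        norm[i] += gates[k]
    return h + np.maximum(0.0, h @ p["U"] + agg / norm), gates

# Constructed toy code graph for: void f(char *src) { char buf[8]; strcpy(buf, src); }
# nodes: 0 = param src, 1 = decl buf, 2 = call strcpy, 3 = return
# edge features are one-hot over edge kind: [AST child, data flow, 0, 0]
NODES, D = 4, 4
EDGES = [(2, 1), (2, 0), (3, 2), (2, 0)]  # (receiver, sender); last is data flow src->strcpy
EDGE_FEATS = np.array([[1, 0, 0, 0], [1, 0, 0, 0], [1, 0, 0, 0], [0, 1, 0, 0]], float)

def init_params(d, seed=0):
    rng = np.random.default_rng(seed)
    return {k: rng.normal(scale=0.5, size=(d, d)) for k in "ABCUV"}

def run_layer(seed=0):
    """Apply one layer to random node embeddings of the toy graph."""
    h = np.random.default_rng(seed).normal(size=(NODES, D))
    out, gates = residual_gated_gcn_layer(h, EDGE_FEATS, EDGES, init_params(D, seed))
    return h, out, gates

def residual_identity_check(seed=0):
    """With all weights zero the layer must return h unchanged (pure residual path)."""
    h = np.random.default_rng(seed).normal(size=(NODES, D))
    zero = {k: np.zeros((D, D)) for k in "ABCUV"}
    out, _ = residual_gated_gcn_layer(h, EDGE_FEATS, EDGES, zero)
    return bool(np.allclose(out, h))
```

A full detector would stack several such layers, pool the node embeddings into a graph vector and train a classifier head on labelled functions; the gates are what let the model weight a data-flow edge into an unsafe call differently from a plain AST edge.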