基于深度学习的软件安全漏洞挖掘
Software Security Vulnerability Mining Based on Deep Learning
-
摘要: 软件的高复杂性和安全漏洞的形态多样化给软件安全漏洞研究带来了严峻的挑战.传统的漏洞挖掘方法效率低下且存在高误报和高漏报等问题,已经无法满足日益增长的软件安全性需求.目前,大量的研究工作尝试将深度学习应用于漏洞挖掘领域,以实现自动化和智能化漏洞挖掘.对深度学习应用于安全漏洞挖掘领域进行了深入的调研和分析.首先,通过梳理和分析基于深度学习的软件安全漏洞挖掘现有研究工作,概括其一般工作框架和技术方法;其次,以深度特征表示为切入点,分类阐述和归纳不同代码表征形式的安全漏洞挖掘模型;然后,分别探讨基于深度学习的软件安全漏洞挖掘模型在具体领域的应用,并重点关注物联网和智能合约安全漏洞挖掘;最后,依据对现有研究工作的整理和总结,指出该领域面临的不足与挑战,并对未来的研究趋势进行展望.Abstract: The increasing complexity of software and the diversified forms of security vulnerabilities have brought severe challenges to the research of software security vulnerabilities. Traditional vulnerability mining methods are inefficient and have problems such as high false positives and high false negatives, which have been unable to meet the increasing demands for software security. At present, a lot of research works have attempted to apply deep learning to the field of vulnerability mining to realize automated and intelligent vulnerability mining. This review conducts an in-depth investigation and analysis of the deep learning methods applied to the field of software security vulnerability mining. First, through collecting and analyzing existing research works of software security vulnerability mining based on deep learning, its general work framework and technical route are summarized. Subsequently, starting from the extraction of deep features, security vulnerability mining works with different code representation forms are classified and discussed. Then, specific areas of deep learning based software security vulnerability mining works are discussed systematically, especially in the field of the Internet of Things and smart contract security. Finally, based on the summary of existing research works, the challenges and opportunities in this filed are discussed, and the future research trends are presented.