• 中国精品科技期刊
  • CCF推荐A类中文期刊
  • 计算领域高质量科技期刊T1类
Advanced Search
Xiao Tianming, Guan Jianbo, Jian Songlei, Ren Yi, Zhang Jianfeng, Li Bao. Software Vulnerability Detection Method Based on Code Property Graph and Bi-GRU[J]. Journal of Computer Research and Development, 2021, 58(8): 1668-1685. DOI: 10.7544/issn1000-1239.2021.20210297
Citation: Xiao Tianming, Guan Jianbo, Jian Songlei, Ren Yi, Zhang Jianfeng, Li Bao. Software Vulnerability Detection Method Based on Code Property Graph and Bi-GRU[J]. Journal of Computer Research and Development, 2021, 58(8): 1668-1685. DOI: 10.7544/issn1000-1239.2021.20210297
shu

Software Vulnerability Detection Method Based on Code Property Graph and Bi-GRU

  • (College of Computer Science and Technology, National University of Defense Technology, Changsha 410073)

Funds: This work was supported by the National Natural Science Foundation of China (61872444, U19A2060) and the National Key Research and Development Program of China (2018YFB0204301).
More Information
  • Published Date: July 31, 2021
    Graphical Abstract
    • Abstract
  • For large-scale and complex software nowadays, the forms of vulnerability code tend to be more diversified. Traditional vulnerability detection methods can not meet the requirements of diverse vulnerabilities because of their high degree of human participation and weak ability of unknown vulnerability detection. In order to improve the detection effect of unknown vulnerability, a large number of machine learning methods have been applied to the field of software vulnerability detection. Due to the high loss of syntax and semantic information in code representation, the false positive rate and false negative rate are high. To solve this issue, a software vulnerability detection method based on code property graph and Bi-GRU is proposed. This method extracts the abstract syntax tree sequence and the control flow graph sequence from the code property graph of the function as the representation method of the function representation. The representation method can reduce the loss of information in the code representation. At the same time, the method selects Bi-GRU to build feature extraction model. It can improve the feature extraction ability of vulnerability code. Experimental results show that, compared with the method represented by abstract syntax tree, this method can improve the accuracy and recall by 35% and 22%. It can improve the vulnerability detection effect of real data set for multiple software source code mixing, and effectively reduce the false positive rate and false negative rate.
    • FullText(HTML)
    • References (0)
    • Related Articles

  • Related Articles

    [1]Zhang Lu, Cao Feng, Liang Xinyan, Qian Yuhua. Cross-Modal Retrieval with Correlation Feature Propagation[J]. Journal of Computer Research and Development, 2022, 59(9): 1993-2002. DOI: 10.7544/issn1000-1239.20210475
    [2]Yan Mingyu, Li Han, Deng Lei, Hu Xing, Ye Xiaochun, Zhang Zhimin, Fan Dongrui, Xie Yuan. A Survey on Graph Processing Accelerators[J]. Journal of Computer Research and Development, 2021, 58(4): 862-887. DOI: 10.7544/issn1000-1239.2021.20200110
    [3]Zhang Yixuan, Guo Bin, Liu Jiaqi, Ouyang Yi, Yu Zhiwen. app Popularity Prediction with Multi-Level Attention Networks[J]. Journal of Computer Research and Development, 2020, 57(5): 984-995. DOI: 10.7544/issn1000-1239.2020.20190672
    [4]Hai Mo, Zhu Jianming. A Propagation Mechanism Combining an Optimal Propagation Path and Incentive in Blockchain Networks[J]. Journal of Computer Research and Development, 2019, 56(6): 1205-1218. DOI: 10.7544/issn1000-1239.2019.20180419
    [5]Li Qin, Zhu Yanchao, Liu Yi, Qian Depei. Accelerator Support in YARN Cluster[J]. Journal of Computer Research and Development, 2016, 53(6): 1263-1270. DOI: 10.7544/issn1000-1239.2016.20148351
    [6]LiFeng, PanJingkui. Human Motion Recognition Based on Triaxial Accelerometer[J]. Journal of Computer Research and Development, 2016, 53(3): 621-631. DOI: 10.7544/issn1000-1239.2016.20148159
    [7]Zhu Xiang, Jia Yan, Nie Yuanping, Qu Ming. Event Propagation Analysis on Microblog[J]. Journal of Computer Research and Development, 2015, 52(2): 437-444. DOI: 10.7544/issn1000-1239.2015.20140187
    [8]Wang Yuewu, Jing Jiwu, Xiang Ji, and Liu Qi. Contagion Worm Propagation Simulation and Analysis[J]. Journal of Computer Research and Development, 2008, 45(2): 207-216.
    [9]Li Aiguo, Hong Bingrong, Wang Si, Piao Songhao. Error Propagation Analysis in Software[J]. Journal of Computer Research and Development, 2007, 44(11): 1962-1970.
    [10]Hu Wei and Qin Kaihuai. A New Rendering Technology of GPU-Accelerated Radiosity[J]. Journal of Computer Research and Development, 2005, 42(6): 945-950.

  • Cited by

    Periodical cited type(4)

    1. 刘艳君,牛丽平. 采用改进积分反演法的四旋翼无人机容错控制. 计算机应用与软件. 2022(06): 70-75+95 .
    2. 宋伟中,王行业,王宁. 一种面向无人机区域协同覆盖的感知任务分配方法. 计算机应用与软件. 2021(05): 75-81 .
    3. 马昊鹏,刘由之,李荣军,阎华,杨卫民. 无人机航母系统的构建与应用. 科技创新与应用. 2020(01): 37-40+43 .
    4. 李鹏举,毛鹏军,耿乾,黄传鹏,方骞,张家瑞. 无人机集群技术研究现状与趋势. 航空兵器. 2020(04): 25-32 .

    Other cited types(4)

Catalog

    Get Citation
    PDF
    XML
    Article views (773) PDF downloads (364) Cited by(8)
    Turn off MathJax
    Article Contents
    Abstract
    Related Articles
    Email Alert RSS
    微信订阅号<br/>(实时资讯)

    微信订阅号
    (实时资讯)

    微信服务号<br/>(同步网站)

    微信服务号
    (同步网站)

    微信视频号<br/>(视频分享)

    微信视频号
    (视频分享)

    CCF<br/>(扫码入会)

    CCF
    (扫码入会)

    Copyright © Editorial Department of Computer Research and Development

    Supported by: Beijing Renhe Information Technology Co., Ltd. Baidu Analytics

    /

    DownLoad:  Full-Size Img  PowerPoint
    Return
    Return