Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Function-level software vulnerability detection method

A software vulnerability and detection method technology, applied in neural learning methods, electrical digital data processing, biological neural network models, etc., can solve problems such as lack of generalization ability, and achieve the effect of saving manpower and material resources

Pending Publication Date: 2019-04-19
杭州英视信息科技有限公司
View PDF5 Cites 6 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

It adopts taint analysis technology, taint data, that is, deformed data, is different in each software project, and some software vulnerabilities cannot be reflected through deformed data, so it does not solve the problem that current software vulnerability detection solutions lack generalization capabilities question

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Function-level software vulnerability detection method
  • Function-level software vulnerability detection method

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0020] A function-level software vulnerability detection method, such as figure 1 As shown, it is a flow chart of the vulnerability detection method of Embodiment 1. This embodiment includes the following steps: A) Import training code, the vulnerability of the training code is known; B) Obtain the abstract semantic tree of the training code, and extract the elements of the abstract semantic tree one by one Form a one-dimensional vector, called the initial feature vector; C) unify the function names and variable names contained in the initial feature vector; D) intercept the first N elements of the feature vector processed in step B as the original feature; E) Input the original features into the trained bidirectional cyclic neural network (Bi-LSTM) to obtain the feature expression; F) use the feature expression and the known vulnerabilities of the training code as training data to train the neural network model; G) use the software code to be detected Obtain the feature expre...

Embodiment 2

[0026] A function-level software vulnerability detection method. This embodiment specifically improves the training method of the bidirectional cyclic neural network (Bi-LSTM). In this embodiment, the training method of the bidirectional cyclic neural network (Bi-LSTM) is: E1 ) Obtain the software source code and security vulnerability information of known security vulnerability information; E2) Extract the code segment corresponding to each security vulnerability; E3) Manually write several extended codes with the same security vulnerabilities as the several code segments obtained in step E2 Segment, the several code segments obtained in step E2 and their extended code segments written by humans with the same security vulnerability, respectively obtain their original features according to steps B-D; E4) use the code segment to mark the original code segment and its extended code segment Features as training sample data; E5) Use the training sample data obtained in step E4 to t...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention relates to the technical field of software security vulnerability detection, in particular to a function-level software vulnerability detection method, which comprises the following steps of: A) importing a training code; B) obtaining an abstract semantic tree of the training code to form an initial feature vector; C) unifying the function name and the variable name; D) obtaining original features; E) obtaining a characteristic expression; F) training a neural network model; And G) obtaining the feature expression of the to-be-detected software code, and inputting the to-be-detected feature expression into the neural network model trained in the step F to obtain a vulnerability detection result. The substantial effects of the invention are as follows: the scheme uses a seriesof simple methods to cooperate with Bi-; The LSTM neural network is used for processing codes, advanced abstract semantic features of functions can be directly extracted, manpower and material resources are saved, and cross-project vulnerability detection can be implemented through the extracted advanced abstract semantic features.

Description

technical field [0001] The invention relates to the technical field of software security loophole detection, in particular to a function-level software loophole detection method. Background technique [0002] As a preventive attack defense measure, software vulnerability detection technology has attracted much attention in the field of computer security. From the perspective of whether it is necessary to run the software system when implementing the detection, the existing software defect and vulnerability detection can be divided into three types: static, dynamic and hybrid technologies. Static analysis techniques such as rule-based matching and symbolic execution are implemented by analyzing software source code. Dynamic software analysis techniques usually include fuzzing and taint analysis techniques. These techniques mainly focus on analyzing possible vulnerabilities while the software is running. Hybrid analysis technology combines the advantages of static and dynam...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/56G06F21/57G06N3/08
CPCG06F21/563G06F21/577G06N3/084
Inventor 项阳张军王宇项亮
Owner 杭州英视信息科技有限公司
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com