Source code vulnerability detection method based on graph convolution network

A graph convolutional network and source code technology, applied in the field of computer network security, that addresses the inability of static source code vulnerability detection to use graph representation and machine learning at the same time, achieving low false negative and false positive rates, with the effect of narrowing the scope and reducing time.

Active Publication Date: 2020-07-28
NORTHWEST UNIV

AI Technical Summary

Problems solved by technology

[0012] Aiming at the technical problem that existing static source code vulnerability detection technology cannot use the graph representation method and the machine learning method at the same time, the purpose of the present invention is to provide an automatic source code vulnerability detection method based on a graph convolutional network. The method represents the source code as a graph and performs machine learning training on the graph, so that it detects vulnerabilities in the target source code and reports the exact location of each vulnerability, with lower false negative and false positive rates.


Embodiment Construction

[0034] It should be noted that the automatic detection method for source code vulnerabilities based on graph convolutional networks of the present invention is not limited to specific programming languages. The specific details of the invention.

[0035] As shown in Figure 1, this embodiment provides a method for automatic detection of source code vulnerabilities based on graph convolutional networks, including a training phase and a testing phase, wherein:

[0036] In the training phase, data acquisition and data preprocessing are performed on the training data set. The process of data preprocessing is to first judge whether the source code of the test data set has a sink method call, analyze the data flow of the sink method call, and then construct the suspicious code in the source code related to the sink method call as a code attribute graph, and the adjacency matrix and feature matrix of the code attribute graph are calculated, and the sin...


Abstract

The invention relates to a source code vulnerability automatic detection method based on a graph convolution network. In the training phase, data acquisition and data preprocessing are carried out: judging whether the source code contains a sink method call; performing data flow analysis on the sink method call; constructing a code attribute graph; calculating the adjacency matrix and feature matrix of the code attribute graph; and labeling the code attribute graph. The adjacency matrix and feature matrix of the code attribute graph are taken as input to a graph convolution network, and the graph convolution network is trained to obtain a trained network model. In the test stage, data acquisition and data preprocessing are carried out in the same way: judging whether the source code contains a sink method call, performing data flow analysis, constructing a code attribute graph, and calculating its adjacency matrix and feature matrix. These are input to the trained graph convolutional network model, which outputs a classification result for the code attribute graph indicating whether the code attribute graph has vulnerabilities, i.e., whether the corresponding sink method call contains a vulnerability.
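The matrix inputs described in the abstract above, worked through on a constructed graph (an added example, not code from the patent): a small code attribute graph around a sink call is turned into an adjacency matrix and a feature matrix and passed through one graph convolution layer to a graph-level score. The node types, the hand-set weights standing in for trained parameters, and the D^-1/2 (A + I) D^-1/2 propagation rule are assumptions; the page does not specify them.

```python
import math

# Constructed node-type vocabulary (assumption; the page does not list one).
NODE_TYPES = ["param", "assign", "check", "sink_call"]

def build_matrices(nodes, edges):
    """Return (A, X): symmetric adjacency matrix and one-hot feature matrix."""
    n = len(nodes)
    A = [[0.0] * n for _ in range(n)]
    for u, v in edges:                      # flow edges treated as undirected
        A[u][v] = A[v][u] = 1.0
    X = [[1.0 if t == nt else 0.0 for nt in NODE_TYPES] for t in nodes]
    return A, X

def normalize(A):
    """D^-1/2 (A + I) D^-1/2: adjacency with self-loops, degree-normalised."""
    n = len(A)
    A_hat = [[A[i][j] + (1.0 if i == j else 0.0) for j in range(n)] for i in range(n)]
    d = [1.0 / math.sqrt(sum(row)) for row in A_hat]
    return [[d[i] * A_hat[i][j] * d[j] for j in range(n)] for i in range(n)]

def matmul(P, Q):
    return [[sum(p * q for p, q in zip(row, col)) for col in zip(*Q)] for row in P]

def gcn_layer(A_norm, H, W):
    """One propagation step: ReLU(A_norm @ H @ W)."""
    return [[max(0.0, z) for z in row] for row in matmul(matmul(A_norm, H), W)]

def classify(nodes, edges, W, w_out):
    """Graph-level score: mean-pool node embeddings, then a sigmoid read-out."""
    A, X = build_matrices(nodes, edges)
    H = gcn_layer(normalize(A), X, W)
    pooled = [sum(col) / len(H) for col in zip(*H)]
    logit = sum(p * w for p, w in zip(pooled, w_out))
    return 1.0 / (1.0 + math.exp(-logit))

# Constructed samples: a parameter flows into a sink call, without and with a check.
UNCHECKED = (["param", "assign", "sink_call"], [(0, 1), (1, 2)])
CHECKED = (["param", "check", "assign", "sink_call"], [(0, 1), (1, 2), (2, 3)])
# Hand-set weights standing in for trained parameters (assumption).
W = [[1.0, 0.0], [0.5, 0.0], [0.0, 2.0], [1.0, 0.0]]
W_OUT = [2.0, -4.0]
```

With these weights `classify(*UNCHECKED, W, W_OUT)` scores above 0.5 and `classify(*CHECKED, W, W_OUT)` below it; in the method described, the weights come from training on labeled code attribute graphs rather than being set by hand.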

Description

Technical field

[0001] The invention belongs to the technical field of computer network security, and relates to vulnerability detection in source code, in particular to a source code vulnerability detection method based on a graph convolution network, which can automatically scan the source code for vulnerabilities, judge whether the source code contains vulnerabilities, and report the location of the vulnerability, which provides technical support for the subsequent research on the automatic detection of code vulnerabilities.

Background technique

[0002] Hidden vulnerabilities in software can cause security problems, allowing attackers to compromise computer systems and applications. Thousands of such vulnerabilities are publicly reported to the Common Vulnerabilities and Exposures Database (CVE) every year, and many more are found and patched internally in proprietary code. As seen in many recent high-profile attacks such as the Heartbleed bug, the WannaCry ransomware cryptoworm, and th...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/56, G06N3/04, G06N3/08, G06N20/00
CPC: G06F21/563, G06N3/08, G06N20/00, G06N3/045
Inventor: 孔维星, 叶贵鑫, 王焕廷, 汤战勇, 房鼎益
Owner: NORTHWEST UNIV