
Context-aware interpretable vulnerability detection system and method

A vulnerability detection technology, applied in the field of context-aware interpretable vulnerability detection systems, that addresses low vulnerability detection accuracy, the provision of explanations, and the failure to consider control dependencies.

Pending Publication Date: 2022-07-29
YANGZHOU UNIV

AI Technical Summary

Problems solved by technology

[0002] Vulnerability detection methods are divided into program analysis-based and machine learning-based methods. According to existing research, vulnerability detection methods based on code similarity mainly detect vulnerabilities caused by code cloning, and their accuracy is not high for vulnerabilities that are not caused by code cloning; rule-based vulnerability detection methods require human experts to define vulnerability characteristics, a process that is cumbersome and error-prone; vulnerability detection methods based on machine learning and deep learning have achieved success in recent years, but still have many deficiencies. The learning-based vulnerability detection method VulDeePecker uses only the semantic information of data dependence, without considering control dependence; vulnerability detection methods based on software metrics rely on code metrics derived from the overall properties of the program, so their correlation with the vulnerable code itself is not strong and their ability is poor.
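An added illustration of the data-dependence-only limitation described above (not code from the patent or from VulDeePecker): a backward slice from a constructed `memcpy` sink over a hand-written dependence graph, once following only data edges and once also following control edges. The statements, line numbers, edge lists and function names are all constructed for this example.

```python
from collections import deque

# Constructed sample: statements of two C functions, keyed by line number.
GUARDED = {
    1: "int n = read_len();",
    2: "char buf[16];",
    3: "if (n < 16)",
    4: "memcpy(buf, src, n);",
}
UNGUARDED = {
    1: "int n = read_len();",
    2: "char buf[16];",
    3: "log_len(n);",
    4: "memcpy(buf, src, n);",
}
# Dependence edges (source, target, kind): "data" = def-use, "control" = guard.
GUARDED_EDGES = [(1, 3, "data"), (1, 4, "data"), (2, 4, "data"), (3, 4, "control")]
UNGUARDED_EDGES = [(1, 3, "data"), (1, 4, "data"), (2, 4, "data")]


def backward_slice(edges, sink, kinds):
    """Lines the sink depends on, following only edges of the given kinds."""
    preds = {}
    for src, dst, kind in edges:
        if kind in kinds:
            preds.setdefault(dst, []).append(src)
    seen, queue = {sink}, deque([sink])
    while queue:
        for p in preds.get(queue.popleft(), []):
            if p not in seen:
                seen.add(p)
                queue.append(p)
    return sorted(seen)


def slice_text(stmts, edges, sink, kinds):
    """The statement sequence a slice-based model would receive as input."""
    return [stmts[i] for i in backward_slice(edges, sink, kinds)]


def distinguishable(kinds, sink=4):
    """True if the guarded and unguarded functions yield different slices."""
    safe = slice_text(GUARDED, GUARDED_EDGES, sink, kinds)
    unsafe = slice_text(UNGUARDED, UNGUARDED_EDGES, sink, kinds)
    return safe != unsafe


if __name__ == "__main__":
    print("data only:     ", distinguishable({"data"}))
    print("data + control:", distinguishable({"data", "control"}))
```

With data edges alone the bounds check on line 3 never enters the slice, so the checked and unchecked copies reach the model as the same input; adding control edges pulls the guard in and separates them.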
[0003] Methods for explaining complex deep learning models can be divided into two categories: white box and black box. The white box mechanism focuses on providing an explanation for a single prediction, and methods based on forward and backward propagation are often used in it; the other kind of method generates explanations that approximate the predictions by locally learning an interpretable model and an additive model. Following the forward-propagation approach, the GNNExplainer explainer is used to explain predictions on graph-structured data: it excludes certain edges and node features and observes the resulting changes in node or graph classification. In the GNNExplainer explainer, the explanatory subgraphs are extracted by maximizing the mutual information between the distribution of possible subgraphs and the GNN's predictions. However, like other forward-propagation methods, the GNNExplainer explainer generates explanations for single-instance predictions, which is not sufficient to provide a global explanation of the trained GNN model, and it is also difficult for it to provide explanations for multiple instances.


Examples


Embodiment 1

[0049] As shown in Figure 1, the context-aware interpretable vulnerability detection system provided by this embodiment includes a vulnerability data preprocessing module, a vulnerability detection model building module, a result interpretation model building module, and a vulnerability detection and interpretation module;

[0050] The vulnerability data preprocessing module is used to extract vulnerability code from the vulnerability database to construct the vulnerability dataset, and to convert the vulnerability code that makes up the dataset into the first code attribute graph;

[0051] The vulnerability data preprocessing module includes a collection unit, a representation unit, and a synthesis unit:

[0052] The collection unit is used to collect vulnerability data, including detailed information such as vulnerability types, from the vulnerability database NVD, to collect code sets that may contain vulnerabilities from the open source code repository GitHub, and prepr...

Embodiment 2

[0089] As shown in Figure 1, corresponding to the context-aware interpretable vulnerability detection system of Embodiment 1, Embodiment 2 provides a context-aware interpretable vulnerability detection method, which includes the following steps:

[0090] 1) Extract vulnerability code from the vulnerability database to construct a vulnerability dataset, and convert the vulnerability code that makes up the dataset into a first code attribute graph;

[0091] 1.1) Collect vulnerability data, including detailed information such as vulnerability types, from the vulnerability database NVD, collect code sets that may contain vulnerabilities from the open source code repository GitHub, and preprocess the vulnerability data extracted from the database: remove the redundant information in the data, extract the vulnerable functions, and clean the vulnerability data, finally obtaining the vulnerability dataset;

[0092] 1.2) Perform code representation on ...


Abstract

The invention discloses a context-aware interpretable vulnerability detection system, which extracts vulnerability code from an open source database to construct a first code attribute graph, constructs a detection model according to the first code attribute graph, performs code representation on vulnerability code statements, generates vulnerability prediction scores, and constructs an interpretation model according to the vulnerability prediction scores. A second code attribute graph is then constructed, the code to be detected is checked according to the second code attribute graph, and finally a locally optimal subgraph is output as the vulnerability detection result for interpretation; the interpretation model parameterizes the interpretation generation process with a multi-layer neural network to realize collective interpretation of multiple instances. The invention correspondingly provides a context-aware interpretable vulnerability detection method.

Description

Technical field

[0001] The invention relates to the field of software security, in particular to a context-aware interpretable vulnerability detection system and method.

Background

[0002] Vulnerability detection methods are divided into program analysis-based and machine learning-based methods. According to existing research, vulnerability detection methods based on code similarity mainly detect vulnerabilities caused by code cloning, and their accuracy is not high for vulnerabilities that are not caused by code cloning; rule-based vulnerability detection methods require human experts to define vulnerability characteristics, which is cumbersome and error-prone; vulnerability detection methods based on machine learning and deep learning have achieved success in recent years, but still have many shortcomings. The learning-based vulnerability detection method VulDeePecker uses only the semantic information of data dependence, without considering the control...


Application Information

IPC(8): G06F21/57, G06F8/75, G06F16/35, G06N3/04
CPC: G06F21/577, G06F8/75, G06F16/353, G06F2221/033, G06N3/047, G06N3/044, G06N3/045
Inventor: 孙小兵, 袁娜, 鄢熔, 单军妍, 赵伽, 张琴, 曹思聪, 薄莉莉, 李斌
Owner YANGZHOU UNIV