
Combined Deep Learning Method for Open Source Software Vulnerability Detection

Li Yuancheng (李元诚) 1, Cui Yaqi (崔亚奇) 1, Lü Junfeng (吕俊峰) 2, Lai Fenggang (来风刚) 2, Zhang Pan (张攀) 2

Computer Engineering and Applications, 2019, Vol. 55, Issue 11: 52-59, 8. DOI: 10.3778/j.issn.1002-8331.1809-0076

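Author information

  • 1. School of Control and Computer Engineering, North China Electric Power University, Beijing 102206
  • 2. Information and Telecommunication Branch, State Grid Corporation of China, Beijing 100761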

Abstract

To address the uneven quality and security risks of open source software, this paper proposes an open source software vulnerability detection method based on a hybrid deep learning model (DCnnGRU). A control flow graph is constructed with the key points in the vulnerability library as entry points, the code segments that have call and transfer relationships with those key points are extracted from the static code, and each code segment is digitized into a fixed-length feature vector that serves as the input of the DCnnGRU model. The model uses a Convolutional Neural Network (CNN) as the interface that interacts with the feature vector, with a Gated Recurrent Unit (GRU) embedded in the middle of the CNN as a gating mechanism for capturing code call relationships. The DCnnGRU model first performs convolution and pooling, in which the convolution kernel and the pooling window reduce the dimensionality of the vector. Second, the GRU is embedded as an intermediate layer between the pooling layer and the fully connected layer, where it retains the call and transfer relationships between code data. Finally, the fully connected layer completes the normalization process, and the processed feature vector is sent to the softmax classifier for classification to obtain the output. The experimental results verify that the DCnnGRU model has higher vulnerability detection capability than the CNN or RNN model alone: its accuracy is 7% higher than RNN and 3% higher than CNN.

Key words

open source software / vulnerability detection / deep learning / Convolutional Neural Network (CNN) / Gated Recurrent Unit (GRU)

Classification

Information Technology and Security Science

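Cite this article

Li Yuancheng, Cui Yaqi, Lü Junfeng, Lai Fenggang, Zhang Pan. Combined Deep Learning Method for Open Source Software Vulnerability Detection [J]. Computer Engineering and Applications, 2019, 55(11): 52-59, 8.

Funding

Science and Technology Project of State Grid Corporation of China Headquarters (No. SGFJXT00YJJS1800074).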

Computer Engineering and Applications

OA / Peking University Core Journal / CSCD / CSTPCD

ISSN 1002-8331
