基于BERT模型的源代码漏洞检测技术研究OACSTPCD

Techniques such as code metrics,machine learning,and deep learning are commonly employed in source code vulnerability detection.However,these techniques have problems,such as their inability to retain the syntactic and semantic information of the source code and the requirement of extensive expert knowledge to define vulnerability features.To cope with the problems of existing techniques,this paper proposed a source code vulnerability detection model based on BERT(bidirectional encoder representations from transformers)model.The model splits the source code to be detected into multiple small samples,converted each small sample into the form of approximate natural language,realized the automatic extraction of vulnerability features in the source code through the BERT model,and then trained a vulnerability classifier with good performance to realize the detection of multiple types of vulnerabilities in Python language.The model achieved an average detection accuracy of 99.2％,precision of 97.2％,recall of 96.2％,and an F1 score of 96.7％across various vulnerability types.This represents a performance improvement of 2％to 14％over existing vulnerability detection methods.The experimental results showed that the model was a general,lightweight and scalable vulnerability detection method.