信息安全研究 (Information Security Research), 2024, Vol. 10, Issue 4: 294-301, 8. DOI: 10.12379/j.issn.2096-1057.2024.04.02
Research on Source Code Vulnerability Detection Based on BERT Model
Abstract
Techniques such as code metrics, machine learning, and deep learning are commonly employed in source code vulnerability detection. However, these techniques have problems, such as their inability to retain the syntactic and semantic information of the source code and their need for extensive expert knowledge to define vulnerability features. To address these problems, this paper proposes a source code vulnerability detection model based on the BERT (bidirectional encoder representations from transformers) model. The model splits the source code to be detected into multiple small samples, converts each small sample into a form approximating natural language, automatically extracts vulnerability features from the source code through the BERT model, and then trains a vulnerability classifier with good performance to detect multiple types of vulnerabilities in the Python language. The model achieved an average detection accuracy of 99.2%, precision of 97.2%, recall of 96.2%, and an F1 score of 96.7% across various vulnerability types. This represents a performance improvement of 2% to 14% over existing vulnerability detection methods. The experimental results showed that the model is a general, lightweight and scalable vulnerability detection method.
Key words
vulnerability detection / deep learning / Python language / BERT model / natural language processing
Classification
Information technology and security science
Cite this article
罗乐琦, 张艳硕, 王志强, 文津, 薛培阳. Research on Source Code Vulnerability Detection Based on BERT Model [J]. 信息安全研究, 2024, 10(4): 294-301, 8.
Funding
China Postdoctoral Science Foundation General Program (2019M650606)
Fundamental Research Funds for the Central Universities (328202203, 20230045Z0114)
First-Class Discipline Construction Project of Beijing Electronic Science and Technology Institute (3201012)