湖南大学学报(自然科学版)2025,Vol.52Issue(4):103-113,11.DOI:10.16339/j.cnki.hdxbzkb.2025270
基于深度学习的混合语言源代码漏洞检测方法
DL-HLVD:Deep Learning-based Hybrid Language Source Code Vulnerability Detection Method
摘要
Abstract
The existing deep learning-based source code vulnerability detection methods mainly focus on the feature learning of a single programming language,and it is difficult to effectively detect the vulnerabilities caused by the association and invocation of code units in software projects of hybrid programming languages.To address this issue,a deep learning-based hybrid language vulnerability detection method DL-HLVD is proposed.Firstly,the BERT layer is used to convert the code text into low-dimensional vectors,which are then used as inputs to the bidirectional gated loop unit to capture the contextual features,and the conditional random field is used to capture the dependency between adjacent labels.Secondly,functions from different types of programming languages are identified as named entity recognition in the hybrid software and reconstructed with the program slicing results to reduce the loss of syntactic and semantic information in the code characterization process.Finally,the bidirectional long short-term memory network model is designed to extract the vulnerability code features and realize the vulnerability detection of hybrid language software.The comprehensive experimental results on the SARD and CrossVul datasets show that the comprehensive recall rate of DL-HLVD on the two types of vulnerability datasets is 95.0%,and the F1 value reaches 93.6%,which is improved in all indicators compared with the VulDeePecker,SySeVR,and Project Achilles.It demonstrates that the DL-HLVD method can improve the comprehensive performance of source code vulnerability detection in hybrid language scenarios.关键词
漏洞检测/命名实体识别/程序切片/混合语言Key words
vulnerability detection/named entity recognition/program slicing/hybrid language分类
信息技术与安全科学引用本文复制引用
张学军,郭梅凤,张潇,张斌,黄海燕,蔡特立..基于深度学习的混合语言源代码漏洞检测方法[J].湖南大学学报(自然科学版),2025,52(4):103-113,11.基金项目
国家自然科学基金资助项目(61762058),National Natural Science Foundation of China(61762058) (61762058)
甘肃省教育厅产业支撑项目(2022CYZC-38),Industrial Support Project of Gansu Provincial Department of Education(2022CYZC-38) (2022CYZC-38)
国家电网科技项目(W32KJ2722010,522722220013),State Grid Science and Technology Project(W32KJ2722010,522722220013) (W32KJ2722010,522722220013)
甘肃省重点研发计划项目(25YEFA089),Key Research and Development Project of Gansu Province(25YEFA089) (25YEFA089)
