Modern Electronics Technique (现代电子技术), 2026, Vol. 49, Issue (7): 74-82, 9. DOI: 10.16652/j.issn.1004-373x.2026.07.012
Research on code vulnerability detection by integrating static and dynamic information features
Abstract
Existing deep-learning-based approaches to learning program representations cannot capture deep and accurate program semantic information, which results in false positives during prediction. To address this, this paper proposes CL-Mamba, a model that combines contrastive learning and Mamba. The model optimizes code semantic representation and context understanding by integrating static information, such as the abstract syntax tree (AST), data-flow graph (DFG), and control-flow graph (CFG), with dynamic information from symbolic execution paths, and by combining contrastive learning with the Mamba architecture. Unsupervised active learning is used to determine the subset of important paths for collecting dynamic symbolic execution trajectories, so as to reduce the overhead of symbolic execution. The model's performance is verified experimentally on three datasets and compared with multiple methods, which proves that the proposed model has significant advantages in eliminating false positives and improving detection accuracy. To sum up, this method is an efficient software security analysis tool.
Key words
Java code vulnerability detection / deep learning / Mamba / active learning / contrastive learning / path selection
Classification
Information technology and security science
Cite this article
Chen Wanqi (陈万其), Zan Fengbiao (昝风彪), Liu Xin (刘昕). Research on code vulnerability detection by integrating static and dynamic information features [J]. Modern Electronics Technique (现代电子技术), 2026, 49(7): 74-82, 9.
Funding
Qinghai Province "Kunlun Talents: High-End Innovation and Entrepreneurship Talents" Program ()
Hainan Prefecture Smart Environmental Protection Demonstration Base Data Visualization Platform Construction Project (2024-HN-P03)