|
Nowadays, the scale of software is getting larger and more complex. The forms of vulnerability also tend to be more diversified. Traditional vulnerability detection methods have the disadvantages of high manual participation and weak ability to detect unknown vulnerabilities. It can no longer meet the detection requirements of diversified vulnerabilities. In order to improve the detection effect of unknown vulnerabilities, A large number of machine learning methods have been applied to the field of software vulnerability detection. Because the existing methods have high loss of syntax and semantic information in the process of code representation, Lead to high false alarm rate and false alarm rate. To solve this problem, this paper presents a software vulnerability detection method based on code attribute graph and Bi-LSTM (Long Short-Term Memory), in which abstract syntax tree sequence and control flow graph sequence are extracted from the code attribute graph of function, Reduce the loss of information in the process of code representation, Bi-LSTM is selected to build a feature extraction model, Experimental results show that, compared with the method based on abstract syntax tree, this method can greatly improve the accuracy and recall of vulnerability detection, improve the vulnerability detection effect for real data sets mixed with multiple software source codes, and effectively reduce the false positive rate and false negative rate.
|
