Improving the effectiveness of software vulnerability detection methods is urgently needed today. In this study, we propose a new source code vulnerability detection method based on intelligent and advanced computational algorithms. It combines four main processing techniques: (i) Source Embedding, (ii) Feature Learning, (iii) Resampling Data, and (iv) Classification. The Source Embedding method analyzes and standardizes the source code based on the Joern tool and the data mining algorithm. The Feature Learning model aggregates and extracts node-based source code attributes using machine learning and deep learning methods. The Resampling Data technique equalizes the experimental dataset. Finally, the Classification model detects source code vulnerabilities. The novelty and uniqueness of the new intelligent cognitive computing method is the combined and synchronous use of many different data extraction techniques to compute, represent, and extract the properties of the source code. With this new calculation method, many significant unusual properties and features of the vulnerability have been synthesized and extracted. To prove the superiority of the proposed method, we experiment with detecting source code vulnerabilities on the Verum dataset; details are presented in the experimental section. The experimental results show that the method proposed in the paper achieves good results on all measures. According to our survey to date, these are the best research results for the source code vulnerability detection task using the Verum dataset. With such results, the proposal in this study is meaningful not only in terms of science but also in practical terms, as the use of intelligent cognitive computing techniques to analyze and evaluate source code has helped to improve the efficiency of the sou
Detecting source code vulnerabilities is an essential issue today. In this paper, to improve the efficiency of detecting vulnerabilities in software written in C/C++, we propose to use a combination of a Deep Graph Convolutional Neural Network (DGCNN) and the code property graph (CPG). Specifically, the research method has 3 main phases. Phase 1: building feature profiles of the source code. At this step, we suggest using analysis techniques such as Word2vec and one-hot encoding to standardize and analyze the source code. Phase 2: extracting features of the source code based on the feature profiles. At this phase, we propose to use the Deep Graph Convolutional Neural Network (DGCNN) model to analyze and extract features of the source code. Phase 3: classifying the source code based on the features extracted in phase 2 to separate normal source code from source code containing security vulnerabilities. Several scenarios comparing the proposed method with other approaches we have taken show the superior effectiveness of our approach. In addition, this result shows that our method is not only correct and reasonable but also opens up a new approach to the task of detecting source code vulnerabilities.