检索结果-内蒙古大学图书馆

IEEE International Symposium on Circuits and Systems (ISCAS)

作者： Du, Gewangzi Chen, Liwei Wu, Tongshuai Zheng, Xiong Shi, Gang Chinese Acad Sci Inst Informat Engn Beijing Peoples R China Univ Chinese Acad Sci Sch Cyber Secur Beijing Peoples R China

ISBN: (纸本)9798350330991;9798350331004

Deep learning is becoming an important means to detect source code vulnerabilities. However, the most severe problem is the compromise of detection performance when there is a scarcity of labeled data. Researchers employed transfer learning skills to solve the problem but existing approaches utilised limited information, which failed to contain various of vulnerability patterns. The code property graph (CPG), which encapsulates abundant syntax and semantic information, is able to accommodate more vulnerability patterns. In this paper, we propose the first CPG-based cross-domain vulnerability detection system which includes an approach to represent the CPG of code snippet into vector. A deep fusion model is devised to generate the fused deep features;Moreover, we extend a metric learning algorithm to reduce data distributions from different domains. Experimental results prove our system is much more effective compared with other state-of-the-art cross-domain approaches.

关键词： vulnerability detection cross-domain code property graph feature fusion cyber security

来源：评论

学校读者我要写书评

暂无评论

What Makefile? Detecting Compiler Information Without Source Using The code property graph 4

What Makefile? Detecting Compiler Information Without Source...

引用

IEEE 4th International Conference on Trust, Privacy and Security in Intelligent Systems, and Applications (IEEE TPS-ISA)

作者： Deaton, Sean Blue Star & Bogart Associates Columbia MD 21045 USA

ISBN: (纸本)9781665474085

Users frequently lack access to the underlying source code and build artifacts of the programs they use. Without access, uncovering information about programs, such as compiler information or security properties, becomes a difficult task. Various methods exist for static analysis testing on source code languages, but few tools work solely with the executable machine code. This paper proposes constructing the code property graph from a program's lifted machine code to observe structural differences between other executables. We implement our approach with the Binary Ninja Intermediate Language (BNIL) and the graph2vec neural embedding framework to create embedded representations of the graphical properties of the program. Downstream applications, such as supervised machine learning, can then analyze these representations. We demonstrate the effectiveness of our approach by training a supervised random forest classifier on the embedded graphs to determine, at the function level, which compiler, clang or gcc, created the executable the function belongs to. Our results achieved an accuracy of 100% across our testing set of 25,600 samples.

关键词： compiler code property graph static analysis Binary Ninja graph2vec

来源：评论

学校读者我要写书评

暂无评论

CPGBERT: An Effective Model for Defect Detection by Learning Program Semantics via code property graph 21

CPGBERT: An Effective Model for Defect Detection by Learning...

引用

21st IEEE International Conference on Trust, Security and Privacy in Computing and Communications (IEEE TrustCom)

作者： Liu, Jingqiang Zhu, Xiaoxi Liu, Chaoge Cui, Xiang Liu, Qixu Chinese Acad Sci Inst Informat Engn Beijing Peoples R China Univ Chinese Acad Sci Sch Cyber Secur Beijing Peoples R China Zhongguancun Lab Beijing Peoples R China

ISBN: (纸本)9781665494250

With the increasing complexity of software composition, code defects have become a long-term problem in software security. Traditional static analysis techniques cannot exhaustively enumerate all unsafe modes, and problems such as low path coverage rate brought by dynamic detection techniques make software security vulnerability detection inefficient. Methods based on Natural Language Processing have promoted the research of code defect detection tasks;however, there are problems of insufficient code semantic learning and limited data processing by pre-trained models. To solve these problems, from the perspective of enriching model input semantics and improving the model's ability to process data, based on the Transformer model, we propose a hierarchical compression encoder model CPGBERT to detect whether the target function has defects. By using the regularity of the program context and structure, the program code is sliced for the input-output variables related to the objective function and dependencies on the codes' propagation paths. Extract multiple code property graph information on rich semantics from the sliced program code for graph fusion, and embed the fused code property graph into the model by grouping. During the learning process, the independent hidden layer features are compressed and aggregated to make the model focus on the deep semantic learning of the objective function. The experiment uses the codeXGLUE benchmark dataset and compares 6 kinds of code defect detection models having better performance to perform defect detection and effect evaluation on actual engineering code. The results show that the accuracy of the CPGBERT detection model is 67.97%, which is 5.89% higher than the codeBERT model proposed by Microsoft and 1.35% higher than the state-of-the-art model CoTexT.

关键词： Software Security code Analysis Defect Detection code property graph Natural Language Processing

来源：评论

学校读者我要写书评

暂无评论

REMS: Recommending Extract Method Refactoring Opportunities via Multi-view Representation of code property graph 31

REMS: Recommending Extract Method Refactoring Opportunities ...

引用

31st IEEE/ACM International Conference on Program Comprehension (ICPC)

作者： Cui, Di Wang, Qiangqiang Wang, Siqi Chi, Jianlei Li, Jianan Wang, Lu Li, Qingshan Xidian Univ Sch Comp Sci & Technol Xian 710071 Peoples R China

ISBN: (纸本)9798350337501

Extract Method is one of the most frequently performed refactoring operations for the decomposition of large and complex methods, which can also be combined with other refactoring operations to remove a variety of design flaws. Several Extract Method refactoring tools have been proposed based on the quantification of extraction criteria. To the best of our knowledge, state-of-the-art related techniques can be broadly divided into two categories: the first line is non-machine-learning-based approaches built on heuristics, and the second line is machine learning-based approaches built on historical data. Most of these approaches characterize the extraction criteria by deriving software metrics from fine-grained code properties. However, in most cases, these metrics can be challenging to concretize, and their selections and thresholds also largely rely on expert knowledge. Thus, in this paper, we propose an approach to automatically recommend Extract Method refactoring opportunities named REMS via mining multi-view representations from code property graph. We fuse various representations together using compact bilinear pooling and further train machine learning classifiers to guide the extraction of suitable lines of code as new method. We evaluate our approach on two publicly available datasets. The results show that our approach outperforms five state-of-the-art refactoring tools including GEMS, JExtract, SEMI, JDeodorant, and Segmentation in effectiveness and usefulness. Our approach demonstrates an increase of 29% in precision, 15% in recall, and 23% in f1-measure. The results also unveil practical suggestions and provide new insights that benefit additional extract-related refactoring techniques.

关键词： Extract Method Refactoring code property graph Representation Learning

来源：评论

学校读者我要写书评

暂无评论

CPGVA: code property graph based Vulnerability Analysis by Deep Learning

CPGVA: Code Property Graph based Vulnerability Analysis by D...

引用

10th International Conference on Advanced Infocomm Technology (ICAIT)

作者： Wang Xiaomeng Zhang Tao Wu Runpu Xin Wei Hou Changyu China Informat Technol Secur Evaluat Ctr Beijing Peoples R China China Anhua Technol Ltd Co Beijing Peoples R China

ISBN: (纸本)9781538679364

The vast majority of security breaches encountered recent years are direct result of insecure source code. Therefore, the protection of software critically depends on the identification of security defect in source cod. The development and progress of relative technologies depend on the analysts' understanding of the safety issues and the accumulation of long-term experience, which provides a technical basis for the development of vulnerability analysis, but difficult to meet the growing demand of the code security industry. With the maturity of big data technology, the development of natural language processing, deep learning and data mining technology provided new ideas for vulnerability analysis. This paper exploited deep learning methods to review source code on basis of code property graph. We implemented our approach on public datasets Software Assurance Reference Dataset (SARD) of C/C++ command injection and compared with current popular methods, which proved that the proposed code property graph based vulnerability analysis by deep learning (CPGVA) method outper-formed the state of art deep learning source code defect analysis method with the improvement of about 4.5%, 4.2%, 1.7%, 7.9%, 8.1% respectively in femeasure, precision, false positive rate, true positive rate and false negative rate.

关键词： source code review code property graph deep learning vulnerability analysis stream extraction

来源：评论

学校读者我要写书评

暂无评论

Cloud property graph: Connecting Cloud Security Assessments with Static code Analysis 14

Cloud Property Graph: Connecting Cloud Security Assessments ...

引用

IEEE 14th International Conference on Cloud Computing (CLOUD)

作者： Banse, Christian Kunz, Immanuel Schneider, Angelika Weiss, Konrad Fraunhofer AISEC Garching Germany

ISBN: (纸本)9781665400602

In this paper, we present the Cloud property graph (CloudPG), which bridges the gap between static code analysis and runtime security assessment of cloud services. The CloudPG is able to resolve data flows between cloud applications deployed on different resources, and contextualizes the graph with runtime information, such as encryption settings. To provide a vendorand technology-independent representation of a cloud service's security posture, the graph is based on an ontology of cloud resources, their functionalities and security features. We show, using an example, that our CloudPG framework can be used by security experts to identify weaknesses in their cloud deployments, spanning multiple vendors or technologies, such as AWS, Azure and Kubernetes. This includes misconfigurations, such as publicly accessible storages or undesired data flows within a cloud service, as restricted by regulations such as GDPR.

关键词： cloud security cloud security assessment static code analysis code property graph configuration monitoring

来源：评论

学校读者我要写书评

暂无评论

codeSAGE: A multi-feature fusion vulnerability detection approach using code attribute graphs and attention mechanisms

引用

JOURNAL OF INFORMATION SECURITY AND APPLICATIONS 2025年 89卷

作者： Zhang, Guodong Yao, Tianyu Qin, Jiawei Li, Yitao Ma, Qiao Sun, Donghong Shenyang Aerosp Univ Sch Comp Shenyang 110000 Liaoning Peoples R China Tsinghua Univ Inst Network Sci & Cyberspace Beijing 100084 Peoples R China Coordinat Ctr China Natl Comp Network Emergency Response Tech Team Beijing 100029 Peoples R China Liaoning Branch Co Coordinat Ctr China Natl Comp Network Emergency Response Tech Team Dalian 116021 Liaoning Peoples R China

Software supply chain security is a critical aspect of modern computer security, with vulnerabilities being a significant threats. Identifying and patching these vulnerabilities promptly can significantly reduce security risks. Traditional detection methods cannot fully capture the complex structure of source code, leading to low accuracy. The neural network capacity limits machine learning-based methods, hindering effective feature extraction and impacting performance. In this paper, we propose a multi-feature fusion vulnerability detection technique called codeSAGE. The method utilizes the code property graph (CPG)1 to comprehensively display multiple logical structural relationships in the source code and combine it with graphSAGE to aggregate the information of neighboring nodes in CPG to extract local features of the source code. Meanwhile, a Bi-LSTM combined with the attention mechanism is utilized to capture long-range dependencies in the logical structure of the source code and extract global features. The attention mechanism is used to assign weights to the two features, which are then fused to represent the syntactic and semantic information of the source code for vulnerability detection. A method for simplifying the CPG is proposed to mitigate the impact of graph size on model runtime and reduce redundant feature information. Irrelevant nodes are removed by weighting different edge types and filtering nodes exceeding a certain threshold, reducing the CPG size. To verify the effectiveness of codeSAGE, comparative experiments are conducted on the SARD and codeXGLUE datasets. The experimental results show that the CPG size can be reduced by 25%-45% using the simplified method, with an average time reduction of 20% per training round. Detection accuracy reached 99.12% on the SARD dataset and 73.57% on the codeXGLUE dataset, outperforming the comparison methods.

关键词： Software supply chain security code property graph Simplification Vulnerability detection Feature fusion

来源：评论

学校读者我要写书评

暂无评论

Optimising source code vulnerability detection using deep learning and deep graph network

引用

CONNECTION SCIENCE 2025年第1期37卷

作者： Xuan, Cho Do Luong, Tran Thi Thanh, Ma Cong Posts & Telecommun Inst Technol Fac Informat Secur Hanoi Vietnam Acad Cryptog Tech Hanoi Vietnam

To enhance the effectiveness of vulnerability detection in software developed using C and C++ programming languages, our study introduces a novel correlation calculation method for analyzing and evaluating code property graphs (CPG). The intelligent computation method proposed in this study comprises three key stages. In the first stage, we present a method for extracting features from the CPG source code. To accomplish this, we integrate three distinct data exploration methods: employing graph Convolutional Neural (GCN) to extract node features from CPG, utilizing Convolutional Neural Network (CNN) to extract edge features from CPG, and finally employing the Doc2vec natural language processing algorithm to extract source code from CPG nodes. The second stage involves proposing a method for synthesizing CPG source code features. Building on the features acquired in the first stage, our paper introduces a synthesis and construction method to generate feature vectors for the source code. The final stage, stage three, executes the detection of source code vulnerabilities. The experimental results demonstrate that our proposed model in this study achieves higher efficiency compared to other studies, with an improvement ranging from 3% to 4%.

关键词： Source code vulnerability detection code property graph node feature edge feature feature profile deep learning graph network

来源：评论

学校读者我要写书评

暂无评论

A Vulnerability Detection Framework Based on graph Decomposition Fusion and Augmented Abstract Syntax Tree 25

A Vulnerability Detection Framework Based on Graph Decomposi...

引用

Proceedings of the 2025 4th International Conference on Big Data, Information and Computer Network

作者： Yalong Yu Cheng Zhang School of Computer Science and Technology Anhui University Hefei Anhui China

ISBN: (纸本)9798400712425

Nowadays, the method of using deep learning models for vulnerability detection is widely applied. Most of the methods convert the code of the program into a graph, and then use graph learning methods to get features. Although these methods have shown good accuracy in vulnerability detection, there are still some issues to be addressed: (1) When dealing with large scale functions or long codes, graph-based feature extraction methods will discard some features to meet the model input length limit. (2) Many deep learning methods convert code into code property graph (CPG). Since CPG contains a lot of function information, the model needs to extract information related to vulnerability characteristics from a lot of irrelevant information. To mitigate these issues, we use CPG's composite view approach and use augmented abstract syntax trees. Specifically, the input source code is used to build the CPG, and the abstract syntax tree AST (tree view) is decomposed from the CPG, and then the AST constructs a graph based on the augmented AST and uses graphcodeBERT to extract its features. Flow view includes control flow graph (CFG) and program dependency graph (PDG) extracted from CPG, and these graphs are extracted and fused for features. Finally, CNN is used to fuse the graph features obtained from tree view and flow view, and finally perform vulnerability classification detection.

关键词： code property graph

来源：评论

学校读者我要写书评

暂无评论

ADCPG: Classifying JavaScript code property graphs with Explanations for Ad and Tracker Blocking 23

ADCPG: Classifying JavaScript Code Property Graphs with Expl...

引用

30th ACM SIGSAC Conference on Computer and Communications Security (ACM CCS)

作者： Lee, Changmin Son, Sooel Korea Adv Inst Sci & Technol Daejeon South Korea

ISBN: (纸本)9798400700507

Advertising and tracking service (ATS) blocking has been safeguarding the privacy of millions of Internet users from privacy-invasive tracking behaviors. Previous research has proposed using a graph representation that models the structural relationships in loading web resources and then conducting ATS node classification based on this graph representation. However, these context-based ATS classification methods suffer from (1) inconsistent classification due to the varying context in which ATS resources are loaded and (2) a lack of explainability of the classification results, making it difficult to identify the code-level causes for ATS classification. We propose AdCPG, a graph neural network (GNN) framework tailored for ATS classification. Our approach focuses on classifying JavaScript ( JS) content rather than considering the loading context of web resources. Given JS files, AdCPG leverages their code property graphs (CPGs) and conducts graph classification on these CPGs that model the semantic and structural information of these JS files. To provide the explanations for ATS classification, AdCPG highlights the JS code that contributes the most to classifying the JS files into ATS using a GNN explainer. AdCPG achieved an accuracy of 98.75% on the Tranco top-10K websites, demonstrating high performance using only JS content. Upon deployment, AdCPG identified 650 JS files from 500 domains that were not detected by any ATS filter lists and previous ATS classification tools. AdCPG plays a complementary role in identifying ATS resources while providing code-level explanations, which minimizes the engineering effort required to validate ATS classification results.

关键词： web tracking web advertising code property graph graph neural networks explainable AI

来源：评论

学校读者我要写书评

暂无评论

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

请选择保存的检索档案：

请选择收藏分类：

通借通还

建议与咨询 留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

请选择保存的检索档案： 新增检索档案 确定 取消

请选择收藏分类： 新增自定义分类 确定 取消

通借通还

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

请选择保存的检索档案：

请选择收藏分类：