Journal of Computer Applications ›› 2022, Vol. 42 ›› Issue (6): 1814-1821. DOI: 10.11772/j.issn.1001-9081.2021091691
Special Issue: The 18th CCF Conference on Web Information Systems and Applications
Min WEN1,2, Rongcun WANG1,2,3, Shujuan JIANG1,2
Received: 2021-09-29
Revised: 2021-11-16
Accepted: 2021-11-17
Online: 2022-04-15
Published: 2022-06-10
Contact: Rongcun WANG
About author: WEN Min, born in 1996, from Shaodong, Hunan, M. S. candidate. Her research interests include vulnerability detection.
Min WEN, Rongcun WANG, Shujuan JIANG. Source code vulnerability detection based on relational graph convolution network[J]. Journal of Computer Applications, 2022, 42(6): 1814-1821.
URL: https://www.joca.cn/EN/10.11772/j.issn.1001-9081.2021091691
Type | Edge type |
---|---|
Data dependency edge | DEF |
 | USE |
 | REACHES |
Control dependency edge | FLOWS_TO |
 | CONTROLS |
Tab. 1 Edge types
Open-source library | Vul | Non-vul |
---|---|---|
Total | 12 460 | 14 858 |
FFmpeg | 4 981 | 4 788 |
QEMU | 7 479 | 10 070 |
Tab. 2 Statistics of vulnerability dataset
Method | Vul | Non-vul | Total |
---|---|---|---|
VulDeePecker | 9 117 | 9 875 | 18 992 |
Reference [ | 5 921 | 8 129 | 14 050 |
Proposed method | 11 905 | 9 713 | 21 618 |
Tab. 3 Datasets generated by different methods
Method | ||||
---|---|---|---|---|
Flawfinder | 54.33 | 49.77 | 14.65 | 22.64 |
VulDeePecker | 58.57 | 53.60 | 62.73 | 57.18 |
CDT+GCN | 54.41 | 45.18 | 37.94 | 41.25 |
CDT+RGCN | 56.40 | 48.70 | 63.41 | 55.09 |
Joern+GCN | 52.20 | 46.74 | 45.02 | 45.86 |
Joern+RGCN (this paper) | 58.99 | 52.91 | 80.27 | 63.78 |
Tab. 4 Performance comparison of different methods
1 | WU S Z, GUO T, DONG G W, et al. Software vulnerability analyses: a road map[J]. Journal of Tsinghua University (Science and Technology), 2012, 52(10): 1309-1319. |
2 | LI Z J, ZHANG J X, LIAO X K, et al. Survey of software vulnerability detection techniques[J]. Chinese Journal of Computers, 2015, 38(4): 717-732. 10.3724/SP.J.1016.2015.00717 |
3 | LI Z, ZOU D Q, WANG Z L, et al. Survey on static software vulnerability detection for source code[J]. Chinese Journal of Network and Information Security, 2019, 5(1): 1-14. 10.11959/j.issn.2096-109x.2019001 |
4 | CADAR C, DUNBAR D, ENGLER D. KLEE: unassisted and automatic generation of high-coverage tests for complex systems programs[C]// Proceedings of the 8th USENIX Conference on Operating Systems Design and Implementation. Berkeley: USENIX Association, 2008: 209-224. |
5 | CHIPOUNOV V, KUZNETSOV V, CANDEA G. S2E: a platform for in-vivo multi-path analysis of software systems[C]// Proceedings of the 16th International Conference on Architectural Support for Programming Languages and Operating Systems. New York: ACM, 2011: 265-278. 10.1145/1950365.1950396 |
6 | BALDONI R, COPPA E, D’ELIA D C, et al. A survey of symbolic execution techniques[J]. ACM Computing Surveys, 2018, 51(3): No.50. 10.1145/3182657 |
7 | GODEFROID P, LEVIN M Y, MOLNAR D A. Automated whitebox fuzz testing[C/OL]// Proceedings of the 2008 Network and Distributed System Security Symposium. [2021-03-14]. 10.1145/2093548.2093564 |
8 | LI Y, HUANG C L, WANG Z F, et al. Survey of software vulnerability mining methods based on machine learning[J]. Journal of Software, 2020, 31(7): 2040-2061. 10.13328/j.cnki.jos.006055 |
9 | SUN H Y, HE Y, WANG J C, et al. Application of artificial intelligence technology in the field of security vulnerability[J]. Journal on Communications, 2018, 39(8): 1-17. 10.11959/j.issn.1000-436x.2018137 |
10 | SHIN Y, WILLIAMS L. Can traditional fault prediction models be used for vulnerability prediction?[J]. Empirical Software Engineering, 2013, 18(1): 25-59. 10.1007/s10664-011-9190-8 |
11 | YOUNIS A, MALAIYA Y, ANDERSON C, et al. To fear or not to fear that is the question: code characteristics of a vulnerable function with an existing exploit[C]// Proceedings of the 6th ACM Conference on Data and Application Security and Privacy. New York: ACM, 2016: 97-104. 10.1145/2857705.2857750 |
12 | WALDEN J, STUCKMAN J, SCANDARIATO R. Predicting vulnerable components: software metrics vs text mining[C]// Proceedings of the IEEE 25th International Symposium on Software Reliability Engineering. Piscataway: IEEE, 2014: 23-33. 10.1109/issre.2014.32 |
13 | SHIN Y, MENEELY A, WILLIAMS L, et al. Evaluating complexity, code churn, and developer activity metrics as indicators of software vulnerabilities[J]. IEEE Transactions on Software Engineering, 2011, 37(6): 772-787. 10.1109/tse.2010.81 |
14 | BOSU A, CARVER J, HAFIZ M, et al. Identifying the characteristics of vulnerable code changes: an empirical study[C]// Proceedings of the 22nd ACM SIGSOFT International Symposium on Foundations of Software Engineering. New York: ACM, 2014: 257-268. 10.1145/2635868.2635880 |
15 | WANG F X, LI F. Software vulnerability automatic classification framework based on activation vulnerability conditions[J]. Journal of Chongqing University of Technology (Natural Science), 2019, 33(5): 154-160. |
16 | YAMAGUCHI F, LOTTMANN M, RIECK K. Generalized vulnerability extrapolation using abstract syntax trees[C]// Proceedings of the 28th Annual Computer Security Applications Conference. New York: ACM, 2012: 359-368. 10.1145/2420950.2421003 |
17 | RUSSELL R, KIM L, HAMILTON L, et al. Automated vulnerability detection in source code using deep representation learning[C]// Proceedings of the 17th IEEE International Conference on Machine Learning and Applications. Piscataway: IEEE, 2018: 757-762. 10.1109/icmla.2018.00120 |
18 | DUAN X, WU J Z, JI S L, et al. VulSniper: focus your attention to shoot fine-grained vulnerabilities[C]// Proceedings of the 28th International Joint Conference on Artificial Intelligence. California: ijcai.org, 2019: 4665-4671. 10.24963/ijcai.2019/648 |
19 | LI Z, ZOU D Q, XU S H, et al. VulDeePecker: a deep learning-based system for vulnerability detection[C/OL]// Proceedings of the 2018 Network and Distributed Systems Security Symposium. [2021-03-14]. 10.14722/ndss.2018.23158 |
20 | KONG W X, YE G X, WANG H T, et al. A source code vulnerability detection method based on graph convolution network: CN, 202010168037.0[P]. 2020-07-28. |
21 | YAMAGUCHI F, GOLDE N, ARP D, et al. Modeling and discovering vulnerabilities with code property graphs[C]// Proceedings of the 2014 IEEE Symposium on Security and Privacy. Piscataway: IEEE, 2014: 590-604. 10.1109/sp.2014.44 |
22 | MOONEN L. Generating robust parsers using island grammars[C]// Proceedings of the 8th Working Conference on Reverse Engineering. Piscataway: IEEE, 2001: 13-22. 10.1109/wcre.2001.957806 |
23 | KIPF T N, WELLING M. Semi-supervised classification with graph convolutional networks[EB/OL]. (2017-02-22) [2021-04-14]. |
24 | GILMER J, SCHOENHOLZ S S, RILEY P E, et al. Neural message passing for quantum chemistry[C]// Proceedings of the 34th International Conference on Machine Learning. New York: JMLR.org, 2017: 1263-1272. |
25 | SCHLICHTKRULL M, KIPF T N, BLOEM P, et al. Modeling relational data with graph convolutional networks[C]// Proceedings of the 2018 European Semantic Web Conference, LNCS 10843/LNISA 10843. Cham: Springer, 2018: 593-607. 10.1007/978-3-319-93417-4_38 |
26 | LE Q, MIKOLOV T. Distributed representations of sentences and documents[C]// Proceedings of the 31st International Conference on Machine Learning. New York: JMLR.org, 2014: 1188-1196. |
27 | ISPIROVA G, EFTIMOV T, SELJAK B K. Comparing semantic and nutrient value similarities of recipes[C]// Proceedings of the 2019 IEEE International Conference on Big Data. Piscataway: IEEE, 2019: 5131-5139. 10.1109/bigdata47090.2019.9006080 |
28 | ZHOU Y Q, LIU S Q, SIOW J, et al. Devign: effective vulnerability identification by learning comprehensive program semantics via graph neural networks[C/OL]// Proceedings of the 33rd Conference on Neural Information Processing Systems. [2021-01-12]. |
29 | ZOU D Q, WANG S J, XU S H, et al. μVulDeePecker: a deep learning-based system for multiclass vulnerability detection[J]. IEEE Transactions on Dependable and Secure Computing, 2021, 18(5): 2224-2236. |
30 | LI Z, ZOU D Q, XU S H, et al. SySeVR: a framework for using deep learning to detect software vulnerabilities[J]. IEEE Transactions on Dependable and Secure Computing, 2021(Early Access): 3051525. 10.1109/tdsc.2021.3051525 |