Abstract
Source code vulnerability detection is an important means of discovering and localizing threats to critical systems. Applying deep learning techniques to source code vulnerability detection has become a research hotspot. However, because source code vulnerability samples are scarce, existing detection methods perform poorly in small-sample scenarios, where data resources are limited. This paper proposes a source code vulnerability detection method based on few-shot learning, which aims to provide a solution for detection scenarios with a limited sample size. The method consists of four key components: source code slicing and encoding, meta-learning based dataset processing, vulnerability class vector generation based on a dynamic routing algorithm, and vulnerability class vector matching based on a neural tensor network. The method is compared with a convolutional neural network, a prototype network, and a relational network. The experimental results show that it outperforms the other methods in terms of accuracy and can effectively cope with the sparsity of source code vulnerability samples. In the 2-way 5-shot and 2-way 10-shot settings, the method achieves 93.92% and 95.08% accuracy, respectively.
Authors
Chen Hongsen (陈洪森)
Fang Yong (方勇)
Hao Chengling (郝城凌)
Yang Yuntao (杨运涛)
Zhang Qi (张棋)
Affiliations: School of Cyber Science and Engineering, Sichuan University, Chengdu 610207; Chengdu Internet Information Center, Chengdu 610041
Source
Journal of Information Security Research (《信息安全研究》)
CSCD
Peking University Core Journal
2024, Issue 5, pp. 440-445 (6 pages)
Keywords
few-shot learning
vulnerability detection
induction network
code slicing
meta-learning
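About the authors
Chen Hongsen, master's degree. Main research interest: vulnerability detection. modengxian@protonmail.com
Fang Yong, Ph.D., professor, doctoral supervisor. Main research interest: network adversarial techniques. yfang@scu.edu.cn
Hao Chengling, master's degree. Main research interests: intrusion detection, graph neural networks. 1612170458@qq.com
Yang Yuntao, master's degree. Main research interests: graph neural networks, APT attribution and detection. ttmonica111@163.com
Corresponding author: Zhang Qi, master's degree. Main research interests: network data security policy, data security management. sczhangxqi@126.com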