Algorithm Research & Explore
|
App. Res. of Comp. Printed Article
Vol. 38, 2021 No. 8
2394-2400

Code vulnerability detection model based on sliding window and hash function

Xu Jian1
Chen Pinghua1
Xiong Jianbin2
1. School of Computer, Guangdong University of Technology, Guangzhou 510006, China
2. School of Automation, Guangdong Polytechnic Normal University, Guangzhou 510665, China
DOI: 10.19734/j.issn.1001-3695.2020.10.0367

Abstract

Aiming at the problem that traditional vulnerability detection classification requires the definition of artificial features, similarity matching algorithms cannot detect non-clonal vulnerabilities and there are large feature dimensions and only for function call in existing deep learning vulnerability detection methods, this paper proposed a deep learning method based on sliding window and hash function to perform static vulnerability detection and classification on source code. Firstly, it extracted the method body of the source code to form a positive and negative sample set constructed an abstract syntax tree for each sample, replaced the programmer-defined variable names and method names according to the node type in the syntax tree and serialized abstract syntax tree by preorder traversal. Then, it performed word segmentation on the node information in the abstract syntax tree node and assigned an independent node number for each word. Then, it further split the tree nodes to form a word sequence, and trained the vulnerability detection classification model based the sliding window and hash function. Finally, it selected two types of vulnerability data sets, i. e. CWE-190 and CWE-191, for experiments in the SARD data set. The accuracy and recall rate of the vulnerability detection classification model reach 97.4% and 94.2% for CWE-190 and 97.6% and 95.1% for CWE-191 respectively. The results show that the model can effectively detect the types of security vulnerabilities in the code and it is superior to some existing methods.

Foundation Support

广东省科技计划资助项目(2020B1010010010,2019B101001021)
广东省自然科学基金资助项目(2019A1515010700)

Publish Information

DOI: 10.19734/j.issn.1001-3695.2020.10.0367
Publish at: Application Research of Computers Printed Article, Vol. 38, 2021 No. 8
Section: Algorithm Research & Explore
Pages: 2394-2400
Serial Number: 1001-3695(2021)08-027-2394-07

Publish History

[2021-08-05] Printed Article

Cite This Article

许健, 陈平华, 熊建斌. 融合滑动窗口和哈希函数的代码漏洞检测模型 [J]. 计算机应用研究, 2021, 38 (8): 2394-2400. (Xu Jian, Chen Pinghua, Xiong Jianbin. Code vulnerability detection model based on sliding window and hash function [J]. Application Research of Computers, 2021, 38 (8): 2394-2400. )

About the Journal

  • Application Research of Computers Monthly Journal
  • Journal ID ISSN 1001-3695
    CN  51-1196/TP

Application Research of Computers, founded in 1984, is an academic journal of computing technology sponsored by Sichuan Institute of Computer Sciences under the Science and Technology Department of Sichuan Province.

Aiming at the urgently needed cutting-edge technology in this discipline, Application Research of Computers reflects the mainstream technology, hot technology and the latest development trend of computer application research at home and abroad in a timely manner. The main contents of the journal include high-level academic papers in this discipline, the latest scientific research results and major application results. The contents of the columns involve new theories of computer discipline, basic computer theory, algorithm theory research, algorithm design and analysis, blockchain technology, system software and software engineering technology, pattern recognition and artificial intelligence, architecture, advanced computing, parallel processing, database technology, computer network and communication technology, information security technology, computer image graphics and its latest hot application technology.

Application Research of Computers has many high-level readers and authors, and its readers are mainly senior and middle-level researchers and engineers engaged in the field of computer science, as well as teachers and students majoring in computer science and related majors in colleges and universities. Over the years, the total citation frequency and Web download rate of Application Research of Computers have been ranked among the top of similar academic journals in this discipline, and the academic papers published are highly popular among the readers for their novelty, academics, foresight, orientation and practicality.

Indexed & Evaluation

  • The Second National Periodical Award 100 Key Journals
  • Double Effect Journal of China Journal Formation
  • the Core Journal of China (Peking University 2023 Edition)
  • the Core Journal for Science
  • Chinese Science Citation Database (CSCD) Source Journals
  • RCCSE Chinese Core Academic Journals
  • Journal of China Computer Federation
  • 2020-2022 The World Journal Clout Index (WJCI) Report of Scientific and Technological Periodicals
  • Full-text Source Journal of China Science and Technology Periodicals Database
  • Source Journal of China Academic Journals Comprehensive Evaluation Database
  • Source Journals of China Academic Journals (CD-ROM Version), China Journal Network
  • 2017-2019 China Outstanding Academic Journals with International Influence (Natural Science and Engineering Technology)
  • Source Journal of Top Academic Papers (F5000) Program of China's Excellent Science and Technology Journals
  • Source Journal of China Engineering Technology Electronic Information Network and Electronic Technology Literature Database
  • Source Journal of British Science Digest (INSPEC)
  • Japan Science and Technology Agency (JST) Source Journal
  • Russian Journal of Abstracts (AJ, VINITI) Source Journals
  • Full-text Journal of EBSCO, USA
  • Cambridge Scientific Abstracts (Natural Sciences) (CSA(NS)) core journals
  • Poland Copernicus Index (IC)
  • Ulrichsweb (USA)