Context and Multi-Features-Based Vulnerability Detection: A Vulnerability Detection Frame Based on Context Slicing and Multi-Features.

Authors

Zhang Yulin, Hu Yong, Chen Xiao

Affiliation

School of Cyber Science and Engineering, Sichuan University, Chengdu 610207, China.

Publication

Sensors (Basel). 2024 Feb 20;24(5):1351. doi: 10.3390/s24051351.

DOI:10.3390/s24051351
PMID:38474887
Full text: https://pmc.ncbi.nlm.nih.gov/articles/PMC10935009/

Abstract

With the increasing use of open-source libraries and secondary development, software projects face security vulnerabilities. Existing studies on source code vulnerability detection rely on natural language processing techniques, but they overlook the intricate dependencies in programming languages. To address this, we propose a framework called Context and Multi-Features-based Vulnerability Detection (CMFVD). CMFVD integrates source code graphs and textual sequences, using a novel slicing method called Context Slicing to capture contextual information. The framework combines graph convolutional networks (GCNs) and bidirectional gated recurrent units (BGRUs) with attention mechanisms to extract local semantic and syntactic information. Experimental results on Software Assurance Reference Datasets (SARDs) demonstrate CMFVD's effectiveness, achieving the highest F1-score of 0.986 and outperforming other models. CMFVD offers a promising approach to identifying and rectifying security flaws in large-scale codebases.


Similar articles

1. Context and Multi-Features-Based Vulnerability Detection: A Vulnerability Detection Frame Based on Context Slicing and Multi-Features.
   Sensors (Basel). 2024 Feb 20;24(5):1351. doi: 10.3390/s24051351.
2. Vulnerability detection in Java source code using a quantum convolutional neural network with self-attentive pooling, deep sequence, and graph-based hybrid feature extraction.
   Sci Rep. 2024 Mar 28;14(1):7406. doi: 10.1038/s41598-024-56871-z.
3. Open source software security vulnerability detection based on dynamic behavior features.
   PLoS One. 2019 Aug 23;14(8):e0221530. doi: 10.1371/journal.pone.0221530. eCollection 2019.
4. Co-embedding of edges and nodes with deep graph convolutional neural networks.
   Sci Rep. 2023 Oct 8;13(1):16966. doi: 10.1038/s41598-023-44224-1.
5. BioByGANS: biomedical named entity recognition by fusing contextual and syntactic features through graph attention network in node classification framework.
   BMC Bioinformatics. 2022 Nov 22;23(1):501. doi: 10.1186/s12859-022-05051-9.
6. TGDAUNet: Transformer and GCNN based dual-branch attention UNet for medical image segmentation.
   Comput Biol Med. 2023 Dec;167:107583. doi: 10.1016/j.compbiomed.2023.107583. Epub 2023 Oct 21.
7. HN-PPISP: a hybrid network based on MLP-Mixer for protein-protein interaction site prediction.
   Brief Bioinform. 2023 Jan 19;24(1). doi: 10.1093/bib/bbac480.
8. Protein secondary structure prediction improved by recurrent neural networks integrated with two-dimensional convolutional neural networks.
   J Bioinform Comput Biol. 2018 Oct;16(5):1850021. doi: 10.1142/S021972001850021X.
9. A systematic literature review on the applications of recurrent neural networks in code clone research.
   PLoS One. 2024 Feb 2;19(2):e0296858. doi: 10.1371/journal.pone.0296858. eCollection 2024.
10. Leveraging Multi-source knowledge for Chinese clinical named entity recognition via relational graph convolutional network.
    J Biomed Inform. 2022 Apr;128:104035. doi: 10.1016/j.jbi.2022.104035. Epub 2022 Feb 23.
