Research field: Strategies
Venue: Neural Computing and Applications
Because the damage that source code vulnerabilities cause to agencies and organizations is increasing, early detection and warning of these vulnerabilities is necessary. Recent approaches that parse source code into a Code Property Graph (CPG) and then apply graph deep learning techniques, machine learning models or deep learning have shown some effectiveness. However, traditional approaches still need improvement in two areas: (i) the technique for extracting source code features from the CPG; (ii) the source code classification technique. To overcome these two problems, this article proposes a new model called CSGD. The CSGD model combines three main techniques: Code sage; Graph Convolution Network (GCN); and Dropout. These three techniques are combined flexibly to perform two main functions: Feature Intelligent Extraction and Rebalancing Data. Feature Intelligent Extraction is a model that combines GCN and Code sage to synthesize and extract source code features in the form of a CPG. Code sage's role is to synthesize and enrich the information for CPG vertices. GCN converts the graph into a single feature vector. Finally, the Rebalancing Data technique in the CSGD model generates additional data for the missing labels based on the Dropout function. To evaluate the effectiveness of the CSGD model, this study uses two experimental datasets that are widely researched and applied today for the task of detecting source code vulnerabilities: Verum and FFmpeg + QEMU. The experimental results in the article show that the CSGD model brings good results on both of these datasets. In addition, this model outperforms other approaches by 1% to 6% on the Verum dataset and by 1% to 5% on the FFmpeg + QEMU dataset. This is the best result for the source code vulnerability detection task on the FFmpeg + QEMU and Verum datasets.
| Publication year | 2024 |
|---|---|
| Citations | 0 |
| Country of publication | Andorra |
| Site | Springer |