2025 03 v.46 193-199+289
Source Code Vulnerability Detection Based on Multimodal Deep Learning
Foundation: Project funded by the Education Department of Jilin Province (JJKH20230765K)
Email: 1841757701@qq.com
DOI: 10.15923/j.cnki.cn22-1382/t.2025.3.01
Author affiliation (Chinese):

School of Computer Science and Engineering, Changchun University of Technology

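Abstract:

To address the reliance of traditional vulnerability detection methods on hand-written rules and their insufficient feature fusion, a multimodal detection framework (MSC-VD) is proposed that deeply fuses code text, abstract syntax trees, and program dependence graphs. A cross-modal cross-attention mechanism dynamically aligns syntactic structure with semantic context, and hierarchical window attention reduces computational complexity. Experiments show that the method achieves an F1 score of 0.87 in detecting vulnerabilities such as buffer overflows and SQL injection, an improvement of 5.2% to 17.6% over mainstream baselines, and lowers the false positive rate to 0.11, providing a high-precision, interpretable solution for code vulnerability detection.

Keywords: deep learning; code vulnerability detection; multimodal fusion; attention mechanism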
Basic information:

DOI:10.15923/j.cnki.cn22-1382/t.2025.3.01

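CLC number: TP309; TP18

Citation information:

[1] Liu Bing, Zhang Shun. Source code vulnerability detection based on multimodal deep learning[J]. Journal of Changchun University of Technology, 2025, 46(03): 193-199+289. DOI:10.15923/j.cnki.cn22-1382/t.2025.3.01.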

