Vulnerability detection method for mixed language software project

• Main Authors: ZHANG XUEJUN, ZHANG LEI, LIU DONGQING, ZHOU BO, ZHANG XUN, BAI WANRONG, WANG DI, ZHAO JINXIONG, WEI FENG, DU CHAOBEN
• Format: Patent
• Language: Chinese; English
• Published: 27.10.2023
• Subjects: CALCULATING; COMPUTER SYSTEMS BASED ON SPECIFIC COMPUTATIONAL MODELS; COMPUTING; COUNTING; ELECTRIC DIGITAL DATA PROCESSING; PHYSICS

The invention relates to a mixed language software project-oriented vulnerability detection method, which comprises the following steps of: (1) generating a code attribute graph by a vulnerability code: segmenting from an SARD vulnerability data set to obtain sub-data sets of Java and C/C + + languages, obtaining program slices of the sub-data sets, and for the vulnerability data set obtained from the SARD, generating a code attribute graph; converting the source code into a corresponding code attribute graph according to a semantic structure; constructing a mixed language code feature field data set based on a keyword dictionary and a manual labeling screening method; (2) preprocessing data to obtain a vectorized code feature field data set; (3) identifying a model code reconstruction process based on the BGRU-CRF named entity to obtain a reconstructed program slice; (4) training a vulnerability detection neural network model; and (5) using a Softmax layer as a final output layer of the model in the vulnerab