中圖分類號(hào): TP311 文獻(xiàn)標(biāo)識(shí)碼: A DOI: 10.19358/j.issn.2097-1788.2022.05.006 引用格式: 潘禺涵,舒遠(yuǎn)仲,洪晟,等. 基于多關(guān)系結(jié)構(gòu)圖神經(jīng)網(wǎng)絡(luò)的代碼漏洞檢測(cè)[J].網(wǎng)絡(luò)安全與數(shù)據(jù)治理,2022,41(5):36-42.
Code vulnerability detection based on multi-relational graph neural network
Pan Yuhan1,Shu Yuanzhong1,Hong Sheng2,Luo Bin1,Nie Yunfeng1
(1.School of Information Engineering,Nanchang Hangkong University,Nanchang 330000,China; 2.School of Cyber Science and Technology,Beihang University,Beijing 100191,China)
Abstract: In order to solve the problem that the conventional vulnerability detection technology is difficult to extract vulnerability features and has high false positive rate and high false negative rate, a source code vulnerability detection model based on multi-relational structure graph neural network and relational structure graph attention mechanism is proposed. Firstly, the syntactic and semantic information of the code is extracted through the code attribute graph, and the code is divided into different relation structure graphs according to different semantic relations, which enhances the code representation ability. Then, the graph neural network is used to represent and learn the graph structure, and the backward edge and the attention mechanism of relational structure graph are introduced into the network model to achieve the effect of more effective learning of vulnerability features. Finally, in order to verify the advantages of the model, the model is extensively evaluated on a large real data set, and the experimental results show that the method can effectively improve the vulnerability detection ability.
Key words : vulnerability detection;graph neural network;attention mechanism;relational graph;graph embedding
