Abstract
Source code vulnerability detection can effectively counter network attacks and safeguard the security of software systems. A Python source code vulnerability detection method based on the Attention-BiLSTM model is proposed. Python source code containing vulnerabilities is sliced, a Word2Vec model encodes the code slices as feature vectors, and the Attention-BiLSTM model learns the vulnerability features in the source code. A fully connected layer is used to predict and classify Python source code statements. Experiments are conducted on datasets of 7 different vulnerability types. The experimental results show that, compared with source code vulnerability detection methods based on the LSTM and BiLSTM models, the Python source code vulnerability detection method based on the Attention-BiLSTM model achieves higher accuracy and F1 Score, with accuracy reaching 97.65%~99.64% and F1 Score reaching 89.56%~97.05%.
Source code vulnerability detection can effectively deal with network attacks and ensure the security of software systems. A Python source code vulnerability detection method based on the Attention-BiLSTM model was proposed. The Python source code containing vulnerabilities was sliced, and then a Word2Vec model was used to encode the code slices into feature vectors. Then the Attention-BiLSTM model was used to learn the vulnerability features in the source code. Python source code statements were predicted and classified using a fully connected layer to determine whether they contain vulnerabilities. Experiments on seven different types of vulnerability datasets were conducted. The experimental results show that, compared to the source code vulnerability detection methods based on the LSTM and BiLSTM models, the Python source code vulnerability detection method based on the Attention-BiLSTM model has higher accuracy and F1 Score; the accuracy reaches up to 98.05%~99.64%, and the F1 Score reaches up to 93.04%~97.96%.
Authors
李朝杨
王希胤
LI Zhao-yang; WANG Xi-yin (College of Science, North China University of Science and Technology, Tangshan, Hebei 063210, China)
Source
《华北理工大学学报(自然科学版)》
CAS
2023, Issue 2, pp. 95-103, 109 (10 pages in total)
Journal of North China University of Science and Technology:Natural Science Edition
Funding
National Natural Science Foundation of China project (32070669).