The existence of software vulnerabilities poses a serious threat to the quality and security of software, and attackers can exploit software vulnerabilities to access or even attack systems without authorization. Source code contains more semantic information, and static analysis of source code has been widely used in the software development process. Additionally, open source software has gradually become a popular trend in software development, and vulnerabilities in open source software can spread widely as developers reuse open source code. With the gradual expansion of existing software and the increasing frequency of vulnerabilities, there is an urgent need for research on static vulnerability detection of source code.

Traditional static vulnerability detection methods for source code mainly include code similarity-based vulnerability detection and pattern-based vulnerability detection. The former is used to detect vulnerabilities caused by code reuse, and has a high false negative rate when used to detect vulnerabilities not caused by code reuse. The latter requires security experts to manually define vulnerability rules or features, which is highly subjective and prone to high false positives and high false negatives. To address the above problems, this thesis uses deep learning techniques to automatically learn vulnerability features and conducts research on intelligent static vulnerability detection methods for source code. The main contributions of this thesis are as follows.

1. Since inaccurate and imperfect vulnerability features defined manually by security experts can easily lead to high false positives and high false negatives, this thesis uses a temporal convolutional network to automatically extract vulnerability features and proposes a vulnerability detection system, called TCNDetector, that achieves high detection capability and low time overhead. Experimental results show that, compared with the state-of-the-art vulnerability detection system, TCNDetector offers a 2.01%, 1.2%, 1.8%, 2.66%, and 2.4% improvement in terms of the accuracy, precision, F1-measure, false positive rate, and false negative rate respectively, while reducing time overhead by a factor of 18.7.

2. The self-attention mechanism can focus on information that is more relevant to the vulnerability, thus further improving the performance of vulnerability detection methods. In this thesis, we design and implement a vulnerability detection system based on a temporal convolutional network and the self-attention mechanism, called TCNSADetector. We compare it with other vulnerability detection methods on a public dataset, and the experimental results suggest that TCNSADetector can achieve the highest detection capability.

3. Since neural networks take fixed-length vector representations as input, vector length plays an important role in vulnerability detection capability. In this thesis, we investigate how to determine the optimal vector length and propose an adaptive search optimization algorithm, called the ASO algorithm. We use four public datasets and compare it with the vector lengths manually set by human experts. Evaluation results demonstrate that the vector length determined by the ASO algorithm achieves high detection capability and does not lead to excessive time overhead.

In summary, this study focuses on static vulnerability detection of source code and uses deep learning techniques to automatically extract vulnerability features to reduce the burden on security experts, while introducing the self-attention mechanism to focus on more important vulnerability features and improve the performance of vulnerability detection methods. Additionally, this study proposes an adaptive search optimization algorithm for determining the optimal vector length, which does not lead to excessive time overhead while improving vulnerability detection capability.