Application Research Of Machine Learning In Code Vulnerability Audit

At present,the existing Web systems have covered many aspects of society,making network security particularly important.Traditional network penetration testing has been unable to meet the development needs of today’s society.In order to solve the security problem,it goes deep into the security detection of the Web system from the code level,so that the security of the system is higher.This topic is based on the actual needs,by detecting whether there are loopholes in the code in the system,combined with the extreme learning machine network model to achieve automatic detection of code loopholes audit.This can reduce manpower and material resources,and further promote the combination of automation and code vulnerability auditing.The paper first explains the background of the research topic,and introduces the relevant technical knowledge of code vulnerability auditing and machine learning,such as extreme learning machine(ELM)network,code vulnerability auditing technology,Web vulnerability principle,etc.At the same time,it compares the current code vulnerability auditing software.The analysis mainly depends on the detection methods and rules used.The abstract syntax tree generated by the training set is pruned and deduplicated,and then the Doc2 vec model is used to reduce the dimension of the data,and then the extreme learning machine network model is used to train the selected data set.It focuses on the analysis of pre-audit file processing,audit result vulnerability judgment and post-audit result relocation issues,which are used to summarize and expand the application research of its automation in code vulnerability audit.According to the experimental test,it is found that the extreme learning machine network model is better than the mature software RIPS and Seay,which can effectively reduce the false alarm rate.Finally,based on the analysis of the current code vulnerability auditing software,the combination of extreme learning machine network model and code vulnerability auditing,the tentative method of combining code vulnerability auditing and deep learning has been preliminarily realized.Using this method to detect vulnerabilities is a new idea.Using the combination of the new vulnerability detection method and the existing method,a PHP source code vulnerability audit software(PHPScan)is designed and implemented.After testing,the new method can improve the accuracy of detection results and reduce the false positive rate.