Research And Implementation On Anomaly Detection Of Deep Learning Source Code Vulnerability Detection Tools Based On Differential Testing

Nowadays,a large number of developers are using deep learning source code vulnerability detection tools to detect security vulnerabilities in source code.However,many deep learning source code vulnerability detection tools perform very poorly in detecting source code in real production environments,with detection accuracy below 20%.The main reason is that there are abnormal issues in the detection process of deep learning source code vulnerability detection tools,including:non-standard use of datasets,non-standard tool design,poor robustness of detection tools,and deep learning models not learning the essential features of vulnerabilities.As a software,deep learning source code vulnerability detection tools inevitably have some common problems that still require software testing.Currently,many studies have focused on deep learning source code vulnerability detection tools,focusing on training data and algorithm improvement,without overly considering the shortcomings of deep learning source code vulnerability detection tools as software.At present,the improvement methods of deep learning source code vulnerability detection tools only rely on manual analysis and improvement of the preprocessing code and algorithms of the source code vulnerability detection tools,without achieving automated detection and repair of anomalies.These tasks are time-consuming and laborious,and the efficiency of discovering anomalies is not efficient enough.This article regards the deep learning source code vulnerability detection tool as a special software and utilizes differential testing,a universal software testing method,to detect and analyze anomalies in the deep learning source code vulnerability detection tool.The anomalies detected in this article not only include common software anomalies,but also anomalies generated by deep learning features,as well as anomalies unique to source code vulnerability detection tools.This article identifies and quantifies the anomalies in deep learning source code vulnerability detection tools,and fixes the anomalies that have already been discovered in the source code vulnerability detection tools.This article studies all possible anomalies in source code vulnerability detection tools,proposes a source code vulnerability detection tool anomaly detection method based on differential testing,proposes a new test case mutation strategy on the basis of existing differential testing,and implements a source code vulnerability detection tool anomaly detection system based on differential testing,providing anomaly detection and repair methods.The work and contributions of this article are as follows:1.Defined the anomalies that exist in deep learning source code vulnerability detection tools.These anomalies include dataset related anomalies discovered in previous research,common anomalies in general software,and anomalies unique to the functionality of deep learning source code vulnerability detection tools.Among them,code fragment labeling exceptions,symbolization exceptions,and deep learning fairness exceptions have not been discovered in the past.2.Research on anomaly detection methods for deep learning source code vulnerability detection tools.This article proposes a new anomaly detection method and a new test case mutation method based on existing differential testing.This article proposes 12 anomaly detection methods for source code vulnerability detection tools,of which 9 utilize differential testing technology.Based on these anomaly detection methods,this article proposes corresponding automated repair methods.3.Research and implement an anomaly detection system for deep learning source code vulnerability detection tools based on differential testing.Detect commonly used open source deep learning source code vulnerability detection tools,and discover 8 tool implementation class exceptions.It is also found that all deep learning source code vulnerability detection tools have algorithm class exceptions.The system analyzed the possible errors in the code of the deep learning source code vulnerability detection tool as a software,and discovered anomalies in the deep learning source code vulnerability detection tool that were not discovered in the past,which is innovative.