Vulnerability Localization Based On Intermediate Code Representation and Feature Fusion

The Computer Journal(2024)

引用 0|浏览5
暂无评分
摘要
Abstract Vulnerability localization can assist security professionals in vulnerability validation and analysis. This study proposes an intelligent vulnerability localization method based on fine-grained program representation and feature fusion. Firstly, we generate efficient fine-grained program representations of the program. This involves transforming the source code into intermediate code. We use abstract syntax tree characteristics to correspond to the points of interest of the intermediate code. We slice the intermediate code file based on the point of interest and program dependency relationships. Subsequently, we use the word2vec model to the vectorization of the intermediate code slices. Then, we propose a vulnerability localization framework based on a feature fusion method, which can better combine the advantages of bidirectional gate recurrent unit and convolutional neural network to capture the syntax and semantics of program representation. Through comparing different program representations, we have discovered that the fine-grained representation based on intermediate code in this study provides a more accurate portrayal of program semantics. By comparing various methods, the proposed feature fusion approach in this paper improves vulnerability localization. We also conducted a visualization display of vulnerability localization. Furthermore, we have validated the effectiveness of this method in localizing vulnerabilities across five common vulnerability types.
更多
查看译文
AI 理解论文
溯源树
样例
生成溯源树,研究论文发展脉络
Chat Paper
正在生成论文摘要