首页|期刊导航|现代电子技术|融合静态和动态信息特征的代码漏洞检测研究

融合静态和动态信息特征的代码漏洞检测研究OA

Research on code vulnerability detection by integrating static and dynamic information features

中文摘要英文摘要

针对基于DL的学习程序表示的解决方案存在无法捕获深度且精确的程序语义信息导致预测时产生的假阳性问题,文中提出对比学习与Mamba结合的模型(CL-Mamba).该模型通过融合抽象语法树、数据流图、控制流图等静态信息与符号执行路径的动态信息,结合对比学习和Mamba架构,优化了代码语义表示与上下文理解能力.同时,采用无监督主动学习技术来确定收集动态符号执行轨迹的重要路径子集,减少符号执行的开销.实验在三个数据集上验证了模型性能,并与多种方法进行对比,证明了其在改善假阳性问题和提升检测精度方面具有显著优势,是一种高效的软件安全分析工具.

In view of the fact that the solutions to DL-based learning program representation cannot capture deep and accurate program semantic information,resulting in false positive during prediction,this paper proposes a model CL-Mamba which combines contrastive learning and Mamba.This model optimizes the code semantic representation and context understanding capabilities by integrating static information such as abstract syntax tree(AST),data-flow graph(DFG),and control-flow graph(CFG)with dynamic information of symbolic execution paths,and combining contrastive learning and Mamba architecture.Unsupervised active learning technology is used to determine the subset of important paths for collecting dynamic symbolic execution trajectories,so as to reduce the overhead of symbolic execution.The model performance is verified experimentally on three datasets and compared with multiple methods,which proves that the proposed model has significant advantages in eliminating false positive and improving detection accuracy.To sum up,this method is an efficient software security analysis tool.

陈万其;昝风彪;刘昕

青海民族大学 智能科学与工程学院,青海 西宁 810007青海民族大学 智能科学与工程学院,青海 西宁 810007||青海民族大学 人工智能应用技术国家民委重点实验室,青海 西宁 810007青海民族大学 智能科学与工程学院,青海 西宁 810007||青海民族大学 人工智能应用技术国家民委重点实验室,青海 西宁 810007

信息技术与安全科学

Java代码漏洞检测深度学习Mamba主动学习对比学习路径选择

Java code vulnerability detectiondeep learningMambaactive learningcontrastive learningpath selection

《现代电子技术》 2026 (7)

74-82,9

青海省"昆仑英才·高端创新创业人才"项目海南州智慧环保示范基地数据可视化平台建设项目(2024-HN-P03)

10.16652/j.issn.1004-373x.2026.07.012

评论