| 基于深度学习的软件安全漏洞挖掘 |
| |
| 引用本文: | 顾绵雪, 孙鸿宇, 韩丹, 杨粟, 曹婉莹, 郭祯, 曹春杰, 王文杰, 张玉清. 基于深度学习的软件安全漏洞挖掘[J]. 计算机研究与发展, 2021, 58(10): 2140-2162. DOI: 10.7544/issn1000-1239.2021.20210620 |
| |
| 作者姓名: | 顾绵雪 孙鸿宇 韩丹 杨粟 曹婉莹 郭祯 曹春杰 王文杰 张玉清 |
| |
| 作者单位: | 1.1(海南大学网络空间安全学院 海口 570228);2.2(国家计算机网络入侵防范中心(中国科学院大学) 北京 101408);3.3(西安电子科技大学网络与信息安全学院 西安 710126) (gumx@nipc.org.cn) |
| |
| 基金项目: | 国家自然科学基金项目(U1836210);海南省重点研发计划项目(ZDYF202012) |
| |
| 摘 要: | 软件的高复杂性和安全漏洞的形态多样化给软件安全漏洞研究带来了严峻的挑战.传统的漏洞挖掘方法效率低下且存在高误报和高漏报等问题,已经无法满足日益增长的软件安全性需求.目前,大量的研究工作尝试将深度学习应用于漏洞挖掘领域,以实现自动化和智能化漏洞挖掘.对深度学习应用于安全漏洞挖掘领域进行了深入的调研和分析.首先,通过梳理和分析基于深度学习的软件安全漏洞挖掘现有研究工作,概括其一般工作框架和技术方法;其次,以深度特征表示为切入点,分类阐述和归纳不同代码表征形式的安全漏洞挖掘模型;然后,分别探讨基于深度学习的软件安全漏洞挖掘模型在具体领域的应用,并重点关注物联网和智能合约安全漏洞挖掘;最后,依据对现有研究工作的整理和总结,指出该领域面临的不足与挑战,并对未来的研究趋势进行展望.
|
| 关 键 词: | 深度学习 漏洞挖掘 代码表征 物联网安全 智能合约安全 |
Software Security Vulnerability Mining Based on Deep Learning |
| |
| Gu Mianxue, Sun Hongyu, Han Dan, Yang Su, Cao Wanying, Guo Zhen, Cao Chunjie, Wang Wenjie, Zhang Yuqing. Software Security Vulnerability Mining Based on Deep Learning[J]. Journal of Computer Research and Development, 2021, 58(10): 2140-2162. DOI: 10.7544/issn1000-1239.2021.20210620 |
| |
| Authors: | Gu Mianxue Sun Hongyu Han Dan Yang Su Cao Wanying Guo Zhen Cao Chunjie Wang Wenjie Zhang Yuqing |
| |
| Affiliation: | 1.1(College of Cyberspace Security, Hainan University, Haikou 570228);2.2(National Computer Network Intrusion Protection Center (University of Chinese Academy of Sciences), Beijing 101408);3.3(College of Cyber Engineering, Xidian University, Xi’an 710126) |
| |
| Abstract: | The increasing complexity of software and the diversified forms of security vulnerabilities have brought severe challenges to the research of software security vulnerabilities. Traditional vulnerability mining methods are inefficient and have problems such as high false positives and high false negatives, which have been unable to meet the increasing demands for software security. At present, a lot of research works have attempted to apply deep learning to the field of vulnerability mining to realize automated and intelligent vulnerability mining. This review conducts an in-depth investigation and analysis of the deep learning methods applied to the field of software security vulnerability mining. First, through collecting and analyzing existing research works of software security vulnerability mining based on deep learning, its general work framework and technical route are summarized. Subsequently, starting from the extraction of deep features, security vulnerability mining works with different code representation forms are classified and discussed. Then, specific areas of deep learning based software security vulnerability mining works are discussed systematically, especially in the field of the Internet of Things and smart contract security. Finally, based on the summary of existing research works, the challenges and opportunities in this filed are discussed, and the future research trends are presented. |
| |
| Keywords: | deep learning vulnerability mining code representation IoT security smart contract security |
| 本文献已被 万方数据 等数据库收录! |
| 点击此处可从《计算机研究与发展》浏览原始摘要信息 |
|
点击此处可从《计算机研究与发展》下载全文 |
|
