西安电子科技大学学报 ›› 2020, Vol. 47 ›› Issue (6): 164-173.doi: 10.19665/j.issn1001-2400.2020.06.023

• 信息与通信工程 & 网络空间安全 • 上一篇    

一种改进ASTNN网络的PHP代码漏洞挖掘方法

胡建伟1,2(),赵伟1(),崔艳鹏1,2,崔俊洁1   

  1. 1.西安电子科技大学 网络与信息安全学院,陕西 西安 710071
    2.西安电子科技大学 网络行为研究中心,陕西 西安 710071
  • 收稿日期:2020-01-05 出版日期:2020-12-20 发布日期:2021-01-06
  • 通讯作者: 赵伟
  • 作者简介:胡建伟(1973—),男,副教授,E-mail: jhost@xidian.edu.cn

PHP code vulnerability mining technology based on theimproved ASTNN

HU Jianwei1,2(),ZHAO Wei1(),CUI Yanpeng1,2,CUI Junjie1   

  1. 1. School of Network and Information Security, Xidian University, Xi’an 710071, China
    2. Network Behavior Research Center, Xidian University, Xi’an 710071, China
  • Received:2020-01-05 Online:2020-12-20 Published:2021-01-06
  • Contact: Wei ZHAO

摘要:

针对传统的动静态PHP漏洞挖掘技术效率低、误报率高、漏洞匹配规则过于单一且不具有泛化性的问题,以及现有的以token序列、软件度量等作为特征的神经网络模型不能很好地理解代码语义的问题,提出了一种基于ASTNN深度神经网络的PHP漏洞挖掘方法。首先,根据表达式子树的概念及PHP抽象语法树的特点定义了表达式子树划分规则;其次,根据PHP抽象语法树的特殊结构对传统ASTNN深度神经网络的编码层进行了改进,在提高模型效率的同时更好地保留了抽象语法树所包含的语义信息。最终实验结果表明,基于改进后ASTNN网络的PHP漏洞挖掘方法相对于传统的漏洞挖掘方法具有更高的准确率及召回率。改进后的ASTNN深度神经网络模型适用于PHP语言漏洞挖掘领域。

关键词: 抽象语法树, 深度学习, 循环神经网络, 漏洞挖掘

Abstract:

In order to solve the problems of low efficiency and high false positives of the traditional PHP vulnerability mining technology, a deep neural network mining method based on the ASTNN is proposed. At the same time, this method is also used to solve the problem of high false positives of the existing neural network model with the token sequence and software metrics as features. First, according to the characteristics of the PHP abstract syntax tree, the rules for dividing statement trees are defined. Second, according to the special structure of the PHP abstract syntax tree, improvements are made to the encoding layer of the traditional ASTNN deep neural network to better preserve the semantic information contained in the abstract syntax tree. Experimental results show that the PHP vulnerability mining method based on the improved ASTNN model has a higher accuracy and recall rate than the traditional method. The improved ASTNN deep neural network model is suitable for PHP vulnerability mining.

Key words: abstract syntax tree, deep learning, recurrent neural network, vulnerability mining

中图分类号: 

  • TP311.5