Java vulnerability classification method based on natural language processing and deep forest

Java vulnerability classification method based on natural language processing and deep forest

The invention discloses a Java vulnerability classification method based on natural language processing and a deep forest, and belongs to the technical field of source code vulnerability mining and classification. The method mainly comprises two aspects of vulnerability source code feature extractio...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: DING JIAMAN, FU WEIKANG
Format: Patent
Sprache:chi ; eng
Schlagworte:
CALCULATING
COMPUTER SYSTEMS BASED ON SPECIFIC COMPUTATIONAL MODELS
COMPUTING
COUNTING
ELECTRIC DIGITAL DATA PROCESSING
PHYSICS
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:The invention discloses a Java vulnerability classification method based on natural language processing and a deep forest, and belongs to the technical field of source code vulnerability mining and classification. The method mainly comprises two aspects of vulnerability source code feature extraction and representation and a vulnerability source code classification method. Aiming at the problems of low efficiency and high false alarm rate of a current Java source code static analysis method, a source code is analyzed into an abstract syntax tree, the abstract syntax tree is cut into expression sub-trees through an NLP-based ASTNN coding layer, the expression sub-trees are traversed twice to obtain a statement sequence, and final vector representation of the source code is obtained through multi-granularity scanning. The vector representations are then classified through a cascade forest. An OWASP vulnerability data set is selected as a sample in an experiment, and the effectiveness of the Java source code vul