Binary vulnerability detection method and system based on BERT and code snippet understanding
The invention belongs to the technical field of security, and provides a binary vulnerability detection method and system based on BERT and code snippet understanding. The objective of the invention is to solve the problem of binary vulnerability recognition and the limitation of an existing LSTM-ba...
Gespeichert in:
| Hauptverfasser: | , , , , , |
|---|---|
| Format: | Patent |
| Sprache: | chi ; eng |
| Schlagworte: | |
| Online-Zugang: | Volltext bestellen |
| Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
| Zusammenfassung: | The invention belongs to the technical field of security, and provides a binary vulnerability detection method and system based on BERT and code snippet understanding. The objective of the invention is to solve the problem of binary vulnerability recognition and the limitation of an existing LSTM-based method in precision and granularity. According to the main scheme, firstly, each function of a Binary Ninja binary code is converted into an intermediate representation MLIM; secondly, performing code snippet extraction on possible vulnerability points in the intermediate representation; thirdly, performing feature extraction on the code snippets by using a BERT model to obtain code snippet vectors with code snippet semantics; and finally, classifying the code snippet vectors by using a multi-layer perceptron, and judging whether the code snippets contain vulnerabilities or not.
本发明属于安全技术领域,提供了一种基于BERT和代码片段理解的二进制漏洞检测方法及系统。主旨在于解决二进制漏洞识别的问题,以及现有基于LSTM方法在精度上、粒度上的局限性。主要方案首先,通过Binary Ninja二进制代码的每个函数转化为一种中间表示MLIL;然后, |
|---|