Binary vulnerability detection method and system based on BERT and code snippet understanding

The invention belongs to the technical field of security, and provides a binary vulnerability detection method and system based on BERT and code snippet understanding. The objective of the invention is to solve the problem of binary vulnerability recognition and the limitation of an existing LSTM-ba...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: NIU WEINA, HAO KEGANG, WANG ADUO, ZHANG XIAOSONG, CHEN XINGLONG, SU YUCHI
Format: Patent
Sprache:chi ; eng
Schlagworte:
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
container_end_page
container_issue
container_start_page
container_title
container_volume
creator NIU WEINA
HAO KEGANG
WANG ADUO
ZHANG XIAOSONG
CHEN XINGLONG
SU YUCHI
description The invention belongs to the technical field of security, and provides a binary vulnerability detection method and system based on BERT and code snippet understanding. The objective of the invention is to solve the problem of binary vulnerability recognition and the limitation of an existing LSTM-based method in precision and granularity. According to the main scheme, firstly, each function of a Binary Ninja binary code is converted into an intermediate representation MLIM; secondly, performing code snippet extraction on possible vulnerability points in the intermediate representation; thirdly, performing feature extraction on the code snippets by using a BERT model to obtain code snippet vectors with code snippet semantics; and finally, classifying the code snippet vectors by using a multi-layer perceptron, and judging whether the code snippets contain vulnerabilities or not. 本发明属于安全技术领域,提供了一种基于BERT和代码片段理解的二进制漏洞检测方法及系统。主旨在于解决二进制漏洞识别的问题,以及现有基于LSTM方法在精度上、粒度上的局限性。主要方案首先,通过Binary Ninja二进制代码的每个函数转化为一种中间表示MLIL;然后,
format Patent
fullrecord <record><control><sourceid>epo_EVB</sourceid><recordid>TN_cdi_epo_espacenet_CN118568729A</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><sourcerecordid>CN118568729A</sourcerecordid><originalsourceid>FETCH-epo_espacenet_CN118568729A3</originalsourceid><addsrcrecordid>eNqNirEOgkAQBWksjPoP6wdYoFGxFIKxsjC0hhzcQy-BvQu7mPD3EuMHWE0yM_PokTo2_UjvoWX0pnKt05EsFLU6z9RBX96SYUsyiqKjyggsTSnN78U31N6ChF0IUBrYohedvOPnMpo1phWsflxE60teZNcNgi8hwdRgaJnd4jjZH5Lj9nTe_fN8APiiPDk</addsrcrecordid><sourcetype>Open Access Repository</sourcetype><iscdi>true</iscdi><recordtype>patent</recordtype></control><display><type>patent</type><title>Binary vulnerability detection method and system based on BERT and code snippet understanding</title><source>esp@cenet</source><creator>NIU WEINA ; HAO KEGANG ; WANG ADUO ; ZHANG XIAOSONG ; CHEN XINGLONG ; SU YUCHI</creator><creatorcontrib>NIU WEINA ; HAO KEGANG ; WANG ADUO ; ZHANG XIAOSONG ; CHEN XINGLONG ; SU YUCHI</creatorcontrib><description>The invention belongs to the technical field of security, and provides a binary vulnerability detection method and system based on BERT and code snippet understanding. The objective of the invention is to solve the problem of binary vulnerability recognition and the limitation of an existing LSTM-based method in precision and granularity. According to the main scheme, firstly, each function of a Binary Ninja binary code is converted into an intermediate representation MLIM; secondly, performing code snippet extraction on possible vulnerability points in the intermediate representation; thirdly, performing feature extraction on the code snippets by using a BERT model to obtain code snippet vectors with code snippet semantics; and finally, classifying the code snippet vectors by using a multi-layer perceptron, and judging whether the code snippets contain vulnerabilities or not. 本发明属于安全技术领域,提供了一种基于BERT和代码片段理解的二进制漏洞检测方法及系统。主旨在于解决二进制漏洞识别的问题,以及现有基于LSTM方法在精度上、粒度上的局限性。主要方案首先,通过Binary Ninja二进制代码的每个函数转化为一种中间表示MLIL;然后,</description><language>chi ; eng</language><subject>CALCULATING ; COMPUTING ; COUNTING ; ELECTRIC DIGITAL DATA PROCESSING ; PHYSICS</subject><creationdate>2024</creationdate><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktohtml>$$Uhttps://worldwide.espacenet.com/publicationDetails/biblio?FT=D&amp;date=20240830&amp;DB=EPODOC&amp;CC=CN&amp;NR=118568729A$$EHTML$$P50$$Gepo$$Hfree_for_read</linktohtml><link.rule.ids>230,308,780,885,25564,76547</link.rule.ids><linktorsrc>$$Uhttps://worldwide.espacenet.com/publicationDetails/biblio?FT=D&amp;date=20240830&amp;DB=EPODOC&amp;CC=CN&amp;NR=118568729A$$EView_record_in_European_Patent_Office$$FView_record_in_$$GEuropean_Patent_Office$$Hfree_for_read</linktorsrc></links><search><creatorcontrib>NIU WEINA</creatorcontrib><creatorcontrib>HAO KEGANG</creatorcontrib><creatorcontrib>WANG ADUO</creatorcontrib><creatorcontrib>ZHANG XIAOSONG</creatorcontrib><creatorcontrib>CHEN XINGLONG</creatorcontrib><creatorcontrib>SU YUCHI</creatorcontrib><title>Binary vulnerability detection method and system based on BERT and code snippet understanding</title><description>The invention belongs to the technical field of security, and provides a binary vulnerability detection method and system based on BERT and code snippet understanding. The objective of the invention is to solve the problem of binary vulnerability recognition and the limitation of an existing LSTM-based method in precision and granularity. According to the main scheme, firstly, each function of a Binary Ninja binary code is converted into an intermediate representation MLIM; secondly, performing code snippet extraction on possible vulnerability points in the intermediate representation; thirdly, performing feature extraction on the code snippets by using a BERT model to obtain code snippet vectors with code snippet semantics; and finally, classifying the code snippet vectors by using a multi-layer perceptron, and judging whether the code snippets contain vulnerabilities or not. 本发明属于安全技术领域,提供了一种基于BERT和代码片段理解的二进制漏洞检测方法及系统。主旨在于解决二进制漏洞识别的问题,以及现有基于LSTM方法在精度上、粒度上的局限性。主要方案首先,通过Binary Ninja二进制代码的每个函数转化为一种中间表示MLIL;然后,</description><subject>CALCULATING</subject><subject>COMPUTING</subject><subject>COUNTING</subject><subject>ELECTRIC DIGITAL DATA PROCESSING</subject><subject>PHYSICS</subject><fulltext>true</fulltext><rsrctype>patent</rsrctype><creationdate>2024</creationdate><recordtype>patent</recordtype><sourceid>EVB</sourceid><recordid>eNqNirEOgkAQBWksjPoP6wdYoFGxFIKxsjC0hhzcQy-BvQu7mPD3EuMHWE0yM_PokTo2_UjvoWX0pnKt05EsFLU6z9RBX96SYUsyiqKjyggsTSnN78U31N6ChF0IUBrYohedvOPnMpo1phWsflxE60teZNcNgi8hwdRgaJnd4jjZH5Lj9nTe_fN8APiiPDk</recordid><startdate>20240830</startdate><enddate>20240830</enddate><creator>NIU WEINA</creator><creator>HAO KEGANG</creator><creator>WANG ADUO</creator><creator>ZHANG XIAOSONG</creator><creator>CHEN XINGLONG</creator><creator>SU YUCHI</creator><scope>EVB</scope></search><sort><creationdate>20240830</creationdate><title>Binary vulnerability detection method and system based on BERT and code snippet understanding</title><author>NIU WEINA ; HAO KEGANG ; WANG ADUO ; ZHANG XIAOSONG ; CHEN XINGLONG ; SU YUCHI</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-epo_espacenet_CN118568729A3</frbrgroupid><rsrctype>patents</rsrctype><prefilter>patents</prefilter><language>chi ; eng</language><creationdate>2024</creationdate><topic>CALCULATING</topic><topic>COMPUTING</topic><topic>COUNTING</topic><topic>ELECTRIC DIGITAL DATA PROCESSING</topic><topic>PHYSICS</topic><toplevel>online_resources</toplevel><creatorcontrib>NIU WEINA</creatorcontrib><creatorcontrib>HAO KEGANG</creatorcontrib><creatorcontrib>WANG ADUO</creatorcontrib><creatorcontrib>ZHANG XIAOSONG</creatorcontrib><creatorcontrib>CHEN XINGLONG</creatorcontrib><creatorcontrib>SU YUCHI</creatorcontrib><collection>esp@cenet</collection></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext_linktorsrc</fulltext></delivery><addata><au>NIU WEINA</au><au>HAO KEGANG</au><au>WANG ADUO</au><au>ZHANG XIAOSONG</au><au>CHEN XINGLONG</au><au>SU YUCHI</au><format>patent</format><genre>patent</genre><ristype>GEN</ristype><title>Binary vulnerability detection method and system based on BERT and code snippet understanding</title><date>2024-08-30</date><risdate>2024</risdate><abstract>The invention belongs to the technical field of security, and provides a binary vulnerability detection method and system based on BERT and code snippet understanding. The objective of the invention is to solve the problem of binary vulnerability recognition and the limitation of an existing LSTM-based method in precision and granularity. According to the main scheme, firstly, each function of a Binary Ninja binary code is converted into an intermediate representation MLIM; secondly, performing code snippet extraction on possible vulnerability points in the intermediate representation; thirdly, performing feature extraction on the code snippets by using a BERT model to obtain code snippet vectors with code snippet semantics; and finally, classifying the code snippet vectors by using a multi-layer perceptron, and judging whether the code snippets contain vulnerabilities or not. 本发明属于安全技术领域,提供了一种基于BERT和代码片段理解的二进制漏洞检测方法及系统。主旨在于解决二进制漏洞识别的问题,以及现有基于LSTM方法在精度上、粒度上的局限性。主要方案首先,通过Binary Ninja二进制代码的每个函数转化为一种中间表示MLIL;然后,</abstract><oa>free_for_read</oa></addata></record>
fulltext fulltext_linktorsrc
identifier
ispartof
issn
language chi ; eng
recordid cdi_epo_espacenet_CN118568729A
source esp@cenet
subjects CALCULATING
COMPUTING
COUNTING
ELECTRIC DIGITAL DATA PROCESSING
PHYSICS
title Binary vulnerability detection method and system based on BERT and code snippet understanding
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-28T20%3A04%3A50IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-epo_EVB&rft_val_fmt=info:ofi/fmt:kev:mtx:patent&rft.genre=patent&rft.au=NIU%20WEINA&rft.date=2024-08-30&rft_id=info:doi/&rft_dat=%3Cepo_EVB%3ECN118568729A%3C/epo_EVB%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rfr_iscdi=true