Searching for Software Vulnerabilities Using an Ensemble of Algorithms for the Analysis of a Graph Representation of the Code
Published in: | Automatic control and computer sciences Vol. 57; no. 8; pp. 947 - 957 |
---|---|
Main Authors: | , |
Format: | Journal Article |
Language: | English |
Published: | Moscow, Pleiades Publishing, 01-12-2023, Springer Nature B.V |
Subjects: | |
Summary: | This article analyzes the existing methods for searching for software vulnerabilities. For methods using deep learning models on a graph representation of the code, the problem of imaginary relationships between procedures is formulated, which complicates their application to code analysis problems. To solve the formulated problem, an iterative method is proposed based on an ensemble of algorithms for analyzing the graph representation of the code. The method relies on a step-by-step narrowing of the set of code sections under consideration to increase the efficiency of using highly computationally complex methods. For the proposed method, a prototype of a system for searching for vulnerabilities for programs based on the .NET platform is presented, tested on a sample of NIST SARD and software with a large amount of code. |
---|---|
ISSN: | 0146-4116 1558-108X |
DOI: | 10.3103/S0146411623080126 |