Tongxin xuebao (Nov 2021)

Dual-granularity lightweight model for vulnerability code slicing method assessment

  • Bing ZHANG,
  • Zheng WEN,
  • Yuxuan ZHAO,
  • Ning WANG,
  • Jiadong REN

Journal volume & issue
Vol. 42
pp. 233 – 241

Abstract

Read online

Aiming at the problems existing in the assessment of existing vulnerability code slicing method, such as incomplete extraction of slicing information, high model complexity and poor generalization ability, and no feedback in the evaluation process, a dual-granularity lightweight vulnerability code slicing evaluation (VCSE) model was proposed.Aiming at the code snippet, a lightweight fusion model of TF-IDF and N-gram was constructed, which bypassed the OOV problem efficiently, and the semantic and statistical features of code slices were extracted based on the double granularity of words and characters.A heterogeneous integrated classifier with high accuracy and generalization performance was designed for vulnerability prediction and analysis.The experimental results show that the evaluation effect of lightweight VCSE is obviously better than that of the current widely used deep learning model.

Keywords