Dual-granularity lightweight model for vulnerability code slicing method assessment

Bing ZHANG; Zheng WEN; Yuxuan ZHAO; Ning WANG; Jiadong REN

Tongxin xuebao (Nov 2021)

Dual-granularity lightweight model for vulnerability code slicing method assessment

Bing ZHANG,
Zheng WEN,
Yuxuan ZHAO,
Ning WANG,
Jiadong REN

Affiliations

Bing ZHANG
Zheng WEN
Yuxuan ZHAO
Ning WANG
Jiadong REN

Journal volume & issue: Vol. 42
pp. 233 – 241

Abstract

Read online

Aiming at the problems existing in the assessment of existing vulnerability code slicing method, such as incomplete extraction of slicing information, high model complexity and poor generalization ability, and no feedback in the evaluation process, a dual-granularity lightweight vulnerability code slicing evaluation (VCSE) model was proposed.Aiming at the code snippet, a lightweight fusion model of TF-IDF and N-gram was constructed, which bypassed the OOV problem efficiently, and the semantic and statistical features of code slices were extracted based on the double granularity of words and characters.A heterogeneous integrated classifier with high accuracy and generalization performance was designed for vulnerability prediction and analysis.The experimental results show that the evaluation effect of lightweight VCSE is obviously better than that of the current widely used deep learning model.

code slicing;vulnerability prediction;out of vocabulary;lightweight;assessment method

Published in Tongxin xuebao

ISSN: 1000-436X (Print)
Publisher: Editorial Department of Journal on Communications
Country of publisher: China
LCC subjects: Technology: Electrical engineering. Electronics. Nuclear engineering: Telecommunication
Website: http://www.infocomm-journal.com/txxb/EN/1000-436X/home.shtml

About the journal

Abstract

Keywords