Publication (Announcement) No.: US20250077683A1
Publication (Announcement) Date: 2025-03-06
Application No.: US18650308
Application Date: 2024-04-30
Inventor: Bin YUAN, Zijing XU, Tiancheng HU, Yueming WU, Deqing ZOU, Hai JIN
Abstract: The present disclosure relates to a system and method for vulnerability localization based on deep learning, which comprises, at a minimum, a processor configured to: analyze a code file under detection to obtain a first abstract syntax tree devoid of semantic information; build upon the first abstract syntax tree by incorporating data-flow edges and/or control-flow edges, thereby forming a second abstract syntax tree with semantic-flow enhancement; split the second abstract syntax tree to obtain a plurality of second abstract syntax sub-trees; and input these second abstract syntax sub-trees into a pre-established vulnerability detection and localization model. Compared with existing code vulnerability detection methods, the present disclosure employs a semantically-enhanced abstract syntax tree and finely-grained segmentation thereof, enabling both the efficient detection and accurate localization of code vulnerabilities, characterized by swift detection rates, low false positive rates, and commendable interpretability of the detection results.