Abstract
Our work explores the utilization of deep learning, specifically leveraging the CodeBERT model, to enhance code security testing for Python applications by detecting SQL injection vulnerabilities. Unlike traditional security testing methods that may be slow and error-prone, our approach transforms source code into vector representations and trains a Long Short-Term Memory (LSTM) model to identify vulnerable patterns. When compared with existing static application security testing (SAST) tools, our model displays superior performance, achieving higher precision, recall, and F1-score. The study demonstrates that deep learning techniques, particularly with CodeBERT's advanced contextual understanding, can significantly improve vulnerability detection, presenting a scalable methodology applicable to various programming languages and vulnerability types.
Abstract (translated)
我们的工作探讨了利用深度学习,特别是采用CodeBERT模型,通过检测SQL注入漏洞来提升Python应用程序的代码安全测试。与传统的安全测试方法可能缓慢且容易出错不同,我们的方法将源代码转换为向量表示,并训练长短期记忆(LSTM)模型以识别易受攻击的模式。相比于现有的静态应用安全测试(SAST)工具,我们的模型表现更优,实现了更高的精确率、召回率和F1分数。研究表明,深度学习技术,特别是CodeBERT对上下文理解的高级能力,可以显著提升漏洞检测效果,提供了一种可扩展的方法论,适用于各种编程语言和漏洞类型。
URL
https://arxiv.org/abs/2410.21968