CN114676437B - Software vulnerability detection method and device based on quantum neural network - Google Patents
Software vulnerability detection method and device based on quantum neural network Download PDFInfo
- Publication number
- CN114676437B CN114676437B CN202210367516.4A CN202210367516A CN114676437B CN 114676437 B CN114676437 B CN 114676437B CN 202210367516 A CN202210367516 A CN 202210367516A CN 114676437 B CN114676437 B CN 114676437B
- Authority
- CN
- China
- Prior art keywords
- quantum
- word
- code segment
- neural network
- formula
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N10/00—Quantum computing, i.e. information processing based on quantum-mechanical phenomena
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N20/00—Machine learning
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D10/00—Energy efficient computing, e.g. low power processors, power management or thermal management
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computing Systems (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Evolutionary Computation (AREA)
- Artificial Intelligence (AREA)
- Mathematical Physics (AREA)
- Data Mining & Analysis (AREA)
- Computational Mathematics (AREA)
- Mathematical Analysis (AREA)
- Mathematical Optimization (AREA)
- Pure & Applied Mathematics (AREA)
- Condensed Matter Physics & Semiconductors (AREA)
- Computer Vision & Pattern Recognition (AREA)
- Medical Informatics (AREA)
- Image Analysis (AREA)
Abstract
The invention provides a software vulnerability detection method and device based on a quantum neural network. The method comprises the following steps: step 1: positioning an API function in a target program to be detected; and 2, step: slicing the target program to be detected according to the API function to obtain a plurality of code segments; and step 3: standardizing variable names and/or function names in each code segment; and 4, step 4: constructing a dictionary based on the plurality of standardized code segments, then coding each word in the dictionary according to a binary coding mode to obtain a binary vector corresponding to each word, and then carrying out quantum state angle coding on the binary vector corresponding to each word to obtain a quantum state corresponding to each word; and 5: and inputting the quantum state corresponding to each word into a trained software vulnerability detection model based on a quantum neural network to obtain the vulnerability in the target program to be detected.
Description
Technical Field
The invention relates to the technical field of quantum computing and network security, in particular to a software vulnerability detection method and device based on a quantum neural network.
Background
With the rapid development and popularization of networks, network security is still a key problem to be solved urgently in the industry. Software vulnerability detection has been studied as a core problem of network security, such as static analysis and dynamic analysis. With the advent of machine learning technology, machine learning-based software vulnerability detection has become a hotspot. Currently, the field mainly includes attribute-based software code measurement, code similarity detection, and the like.
Although classical machine learning has proven to be suitable for software vulnerability detection, the study has certain limitations, mainly manifested in the following areas: (1) The software vulnerability characteristics are defined depending on security experts, only known vulnerability information can be mined, and because unknown vulnerability information cannot be mined in an actual application environment, the application range is relatively limited; (2) The vulnerability detection capability based on the neural network is in direct proportion to the scale of the training data, and the training cost of the neural network is increased due to the expansion of the training data; (3) The memory storage space required by large-scale neural network training is also extremely large, and the expansion of the structure of the classical neural network can cause the storage performance bottleneck of the classical computer.
Disclosure of Invention
The invention provides a software vulnerability detection method and device based on a quantum neural network, aiming at the problem that software vulnerability detection based on classical machine learning has certain limitation.
In one aspect, the invention provides a software vulnerability detection method based on a quantum neural network, which comprises the following steps:
step 1: positioning an API function in a target program to be detected;
and 2, step: slicing the target program to be detected according to the API function to obtain a plurality of code segments;
and step 3: standardizing variable names and/or function names in each code segment;
and 4, step 4: constructing a dictionary based on the plurality of standardized code segments, then coding each word in the dictionary according to a binary coding mode to obtain a binary vector corresponding to each word, and then carrying out quantum state angle coding on the binary vector corresponding to each word to obtain a quantum state corresponding to each word;
and 5: and inputting the quantum state corresponding to each word into a trained software vulnerability detection model based on a quantum neural network to obtain the vulnerability in the target program to be detected.
Further, the training process of the quantum neural network-based software vulnerability detection model comprises the following steps:
step A1: collecting a program with known vulnerability information as a training program;
step A2: locating an API function in the training program;
step A3: slicing the training program according to the API function to obtain a plurality of code segments;
step A4: judging whether each code segment has a bug or not, and setting different labels for the code segments with the bug and the code segments without the bug respectively;
step A5: standardizing variable names and/or function names in each code segment;
step A6: constructing a dictionary based on the plurality of standardized code segments, then coding each word in the dictionary according to a binary coding mode to obtain a binary vector corresponding to each word, and then carrying out quantum state angle coding on the binary vector corresponding to each word to obtain a quantum state corresponding to each word;
step A7: dividing all code segments into a training set and a verification set, inputting quantum state data of each code segment in the training set and a corresponding label into a quantum neural network model for training, testing the trained quantum neural network model by adopting the quantum state data of each code segment in the verification set, and taking the quantum neural network model with a test result meeting given performance requirements as a trained software vulnerability detection model based on the quantum neural network.
Further, the structure of the quantum neural network model comprises three parts: the first part is a coding circuit for quantum state preparation, which is composed of a series of non-adaptive quantum gates; the second part is an ansatz line consisting of a series of quantum gates with adaptive parameters; the third part is a measurement line for extracting the output.
Further, the unitary transform of the coded line is represented by equation (1):
wherein, U enc (α) denotes a unitary transform of a coding line for a single word, i denotes the ith bit in a binary vector, n q Representing the number of qubits, alpha representing a line parameter encoding a single word,the tensor product is represented.
Further, the unitary transform of the ansatz line is represented by equation (2):
wherein U (theta) represents a pairUnitary transformation of single words on ansatz lines, i 1 、i 2 、i 3 、i 4 、i 5 Respectively represent the ith in quantum state data 1 、i 2 、i 3 、i 4 、i 5 Quantum bits, CX denotes a CNOT gate, and θ denotes a unitary matrix adjustable parameter for learning.
Further, the processing process of the quantum neural network model on a single code segment specifically includes:
based on the formula (1) and the formula (2), implementing unitary transformation of each word in the current code segment using formula (3):
U sw =U(θ)U enc (α) (3)
based on the formula (3), the quantum state corresponding to each word in the current code segment after being processed is measured by adopting a formula (4):
based on the formula (3), the unitary transformation U of the whole quantum circuit corresponding to the current code segment is realized by adopting a formula (5) oval And based on the formula (4) and the formula (5), the final state of the whole quantum line corresponding to the processed current code segment is measured by adopting the formula (6)
Wherein j represents the jth word, U oval Unitary transformation, U, representing an overall quantum line corresponding to a current code segment sw Representing a single sheet in a code fragmentUnitary transformation in word processing, H denotes a Hadamard gate,representing the quantum state of a quantum wire after processing a single word in a code segment,indicating the initial state of the whole quantum line corresponding to the code segment max Is the maximum length of a code segmentAndrespectively represent the l-th of the code segment max U (theta) and U of a word enc (α)。
Further, the expectation of the measured line output is calculated using equation (7):
wherein Z represents a Hamiltonian, Z represents a Poyley matrix, and I represents an identity matrix.
In another aspect, the present invention provides a software vulnerability detection apparatus based on a quantum neural network, including:
the positioning module is used for positioning the API function in the target program to be detected;
the slicing module is used for slicing the target program to be detected according to the API function to obtain a plurality of code segments;
the standardization module is used for standardizing variable names and/or function names in each code segment;
the encoding module is used for constructing a dictionary based on the standardized code segments, then encoding each word in the dictionary according to a binary encoding mode to obtain a binary vector corresponding to each word, and then performing quantum state angle encoding on the binary vector corresponding to each word to obtain a quantum state corresponding to each word;
and the measuring module is used for inputting the quantum state corresponding to each word into a trained software vulnerability detection model based on the quantum neural network to obtain the vulnerability in the target program to be detected.
Further, the structure of the quantum neural network model comprises three parts: the first part is a coding circuit for quantum state preparation, which is composed of a series of non-adaptive quantum gates; the second part is an ansatz line consisting of a series of quantum gates with adaptive parameters; the third part is the measurement circuitry for extracting the output.
The invention has the beneficial effects that:
the invention provides a software vulnerability detection device based on a quantum neural network, which effectively relieves the memory bottleneck problem existing in classical calculation. In addition, the capacity of the classical neural network is limited by the size of training data, the upper limit of vulnerability detection capacity is greatly influenced, and the quantum parallelism enables the quantum neural network to have natural advantages in data processing, so that more accurate vulnerability detection can be realized.
Drawings
Fig. 1 is a schematic flowchart of a software vulnerability detection method based on a quantum neural network according to an embodiment of the present invention;
fig. 2 is a schematic diagram of a training process of a quantum neural network-based software vulnerability detection model according to an embodiment of the present invention;
fig. 3 is a schematic diagram of API function positioning, code slicing and normalization processes according to vulnerability indication information according to an embodiment of the present invention;
fig. 4 is a schematic structural diagram of a quantum neural network provided in an embodiment of the present invention;
fig. 5 is a schematic structural diagram of a software vulnerability detection apparatus based on a quantum neural network according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly described below with reference to the accompanying drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Example 1
As shown in fig. 1, an embodiment of the present invention provides a software vulnerability detection method based on a quantum neural network, including the following steps:
s101: positioning an API function in a target program to be detected;
specifically, in order to increase the positioning speed, before performing step S101, a target program to be detected may be preprocessed, specifically: and deleting the non-ASCII characters and the comments in the source code of the target program to be detected.
S102: slicing the target program to be detected according to the API function to obtain a plurality of code segments;
specifically, the slicing process is illustrated in the following with reference to fig. 3, and is not described herein again.
It should be noted that the API function call is divided into a forward API function call and a backward API function call. A forward API call refers to API parameters that receive data directly from a socket, while a backward API call refers to API parameters that do not receive data directly from a socket, such as a stack length setting. For forward API function calls, the uncontrollable input source of API parameters is more important. Parameter setting passing is more important for backward API function calls.
S103: standardizing variable names and/or function names in each code segment;
specifically, the variable names are normalized to "VAR1", "VAR2", and the like in the order of appearance in units of code fragments. Meanwhile, function names are normalized to "FUN1", "FUN2", and the like in the order of appearance. Therefore, the generalization capability of the model can be improved, and the quantum neural network can learn the reason of the vulnerability instead of learning the reason of the specific API function call.
S104: constructing a dictionary based on the standardized code segments, then coding each word in the dictionary according to a binary coding mode to obtain a binary vector corresponding to each word, and then carrying out quantum state angle coding on the binary vector corresponding to each word to obtain a quantum state corresponding to each word;
specifically, the process of performing quantum state angle coding on the word vector corresponding to each word to obtain the quantum state corresponding to each word is performed by applying a set of unitary matrix calculation (see formula (1) below), and the parameters of the unitary matrix calculation are determined by the binary vector obtained by binary coding. This step can use log by using binary coding and angle coding 2 N quantum bits are used for representing dictionary information containing N words, and the advantages of quantum computing are fully exerted.
S105: and inputting the quantum state corresponding to each word into a trained software vulnerability detection model based on a quantum neural network to obtain the vulnerability in the target program to be detected.
The embodiment of the invention roughly defines the concept of software bugs as an uncontrollable input source and dangerous program call. And taking the API function call as a research object, slicing the vulnerability triggering key points, and slicing the related codes to form code segments. The method comprises the steps of performing word segmentation coding on the quantum circuit, inputting the word segmentation coding into a quantum neural network for calculation, measuring a Hamiltonian expected value of a final state of the quantum circuit, and realizing vulnerability detection based on the quantum neural network. It is well known that the capabilities of classical neural networks are limited by the size of the training data, which greatly affects the upper bound of vulnerability detection capabilities. The embodiment of the invention combines quantum computation, and effectively solves the problem of memory bottleneck existing in the classical neural network.
On the basis of the foregoing embodiment, as an implementable manner, as shown in fig. 2, the training process of the quantum neural network-based software vulnerability detection model includes:
step A1: collecting a program with known vulnerability information as a training program;
step A2: locating an API function in the training program;
step A3: slicing the training program according to the API function to obtain a plurality of code segments;
step A4: judging whether each code segment has a bug, and respectively setting different labels for the code segments with the bugs and the code segments without the bugs;
specifically, each code segment is labeled according to vulnerability indicating information (such as vulnerability description of the SARD data set). If the code segment has a bug, marking the code segment as 1; otherwise, it is marked 0.
Step A5: standardizing variable names and/or function names in each code segment;
for example, fig. 3 is a schematic diagram illustrating API function locating, slicing and normalizing processes performed on a target program according to vulnerability indication information. The black bold part in the upper left corner picture in fig. 3 is vulnerability indicating information, according to the vulnerability indicating information, memcpy in the lower left corner picture (source code) can be located, then the upper right corner picture is obtained by slicing, and the lower right corner picture can be obtained by standardizing the content in the upper right corner picture.
Step A6: constructing a dictionary based on the standardized code segments, then coding each word in the dictionary according to a binary coding mode to obtain a binary vector corresponding to each word, and then carrying out quantum state angle coding on the binary vector corresponding to each word to obtain a quantum state corresponding to each word;
step A7: dividing all code segments into a training set (a training program shown in figure 2) and a verification set (a test program shown in figure 2), inputting quantum state data and corresponding labels of each code segment in the training set into a quantum neural network model for training, testing the trained quantum neural network model by adopting the quantum state data of each code segment in the verification set, taking the quantum neural network model with a test result meeting given performance requirements as a trained software vulnerability detection model based on the quantum neural network, and then performing software vulnerability detection on a target program based on the trained software vulnerability detection model based on the quantum neural network.
On the basis of the above embodiments, as an implementation manner, as shown in fig. 4, the structure of the quantum neural network model includes three parts: the first part is an encoding circuit for quantum state preparation, which is composed of a series of non-adaptive quantum gates; the second part is an ansatz line composed of a series of quantum gates with adaptive parameters; the third part is a measuring circuit for extracting output;
wherein the first portion comprises a series of Hadamard gates and a series of R respectively connected to the series of Hadamard gates x A door; wherein the Hadamard gate is configured to place the quantum states of the individual words into a superposition state, and the R x The gate is used to perform an angular rotation of the qubit, i.e. a quantum state angular encoding, representing the binary vector of each word as a quantum state. It should be noted that, as shown in fig. 4, only the Hadamard gate is used in the first initial state superposition, and only R is used instead of the Hadamard gate in each subsequent iterative operation x And a door.
As an embodiment, the unitary transform of the coded line is represented by equation (1):
wherein, U enc (α) represents the unitary transformation of the line encoding a single word, i represents the ith bit in the binary vector, (e.g., the decimal representation of the word char in the dictionary is 6, and the number of quantum bits n used in this embodiment is n q Is 8, then char corresponds to binary vector 00000110, i represents the ith bit in the binary vector), n q Representing the number of qubits, alpha representing a line parameter encoding a single word,the tensor product is represented.
Using a series of said R by employing equation (1) x The encoding method of the gate rotating the quantum bit angle will not have the quantum entanglement, the classical information node is only replaced by the parameter quantum node.
As an implementable way, the unitary transform of the ansatz line is represented by equation (2):
where U (θ) represents a unitary transformation of an ansatz line on a single word, i 1 、i 2 、i 3 、i 4 、i 5 Respectively represent the ith in quantum state data 1 、i 2 、i 3 、i 4 、i 5 Quantum bits, CX denotes a CNOT gate, and θ denotes a unitary matrix adjustable parameter for learning.
As shown in FIG. 4, in a quantum wire, a word corresponds to a set of U' s sw All U of sw The processing process of the quantum neural network model on a single code segment based on the quantum line shown in fig. 4 specifically includes the following steps:
based on the formula (1) and the formula (2), implementing unitary transformation of each word in the current code segment by using formula (3):
U sw =U(θ)U enc (α) (3)
based on the formula (3), the quantum state corresponding to each word in the current code segment after being processed is measured by adopting a formula (4):
based on the formula (3), the unitary transformation U of the whole quantum circuit corresponding to the current code segment is realized by adopting a formula (5) oval And based on the formula (4) and the formula (5), the final state of the whole quantum line corresponding to the processed current code segment is measured by adopting the formula (6)
Where j denotes the jth word, U oval Unitary transformation, U, representing an overall quantum line corresponding to a current code segment sw Representing a unitary transform when processing a single word in a code segment, H representing a Hadamard gate,representing the quantum state of a quantum wire after processing a single word in a code fragment,indicating the initial state of the whole quantum line corresponding to the code segment max Is the maximum length of a code segment,andrespectively representing the l-th code segment max U (theta) and U of a word enc (α)。
In particular, U sw For processing single words in code fragments, by pairing U sw Carry out l max After the computation iteration, the unitary transformation for the whole code segment process, i.e. the unitary transformation for the whole quantum wire, can be obtained.
From the above, the Ansatz line is a proposed line composed of a series of quantum gates with adaptive parameters, and the parameters in the line are adjustable (mostly, the angle of the rotating gate), and by constructing the loss function, the parameters in the Ansatz line are continuously adjusted until the loss function is reduced to convergence (at this time, the loss function reaches an optimal value or a suboptimal value), which means that the training process of the quantum neural network is completed.
As an implementable manner, the expectation of the measured line output is calculated using equation (7):
wherein Z represents a Hamiltonian, Z represents a Poyle matrix, I represents an identity matrix,the tensor product is represented.
Specifically, based on the measurement of the expected value of the Hamiltonian of the final state of the quantum circuit, leak detection based on a quantum neural network is achieved.
Example 2
As shown in fig. 5, an embodiment of the present invention further provides a software vulnerability detection apparatus based on a quantum neural network, including: the device comprises a positioning module, a slicing module, a standardization module, a coding module and a measurement module; wherein:
the positioning module is used for positioning the API function in the target program to be detected. And the slicing module is used for slicing the target program to be detected according to the API function to obtain a plurality of code segments. The standardization module is used for standardizing variable names and/or function names in each code segment. The encoding module is used for constructing a dictionary based on the standardized code segments, then encoding each word in the dictionary according to a binary encoding mode to obtain a binary vector corresponding to each word, and then performing quantum state angle encoding on the binary vector corresponding to each word to obtain a quantum state corresponding to each word. And the measuring module is used for inputting the quantum state corresponding to each word into a trained software vulnerability detection model based on the quantum neural network to obtain the vulnerability in the target program to be detected.
As an implementation, the structure of the quantum neural network model includes three parts: the first part is an encoding circuit for quantum state preparation, which is composed of a series of non-adaptive quantum gates; the second part is an ansatz line consisting of a series of quantum gates with adaptive parameters; the third part is a measurement line for extracting the output.
Although the vulnerability mining based on the classical machine learning has related work, the detection capability is in direct proportion to the size of the training data. As more information is added to the neural network, both training time and memory consumption of the learning phase increase. By utilizing quantum mechanical properties (e.g., superposition and entanglement of quantum states), the quantum neural network can process such classical information during the training process, thereby improving the accuracy of convergence. Therefore, the method provided by the invention not only verifies the feasibility of vulnerability mining based on the quantum neural network, but also shows the profound prospect of network security application based on the quantum neural network.
In the field of large-scale vulnerability detection, the length of a vulnerability program is longer, and a lexical structure is more complex. Experimental results show that in the field of vulnerability detection, the method and the device provided by the invention can effectively solve the problem of inconsistent input lengths of the quantum neural network. In addition, the method can fully exert the advantages of quantum computation and realize a vulnerability detection model at the cost of a small amount of measurement.
Finally, it should be noted that: the above examples are only intended to illustrate the technical solution of the present invention, and not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.
Claims (4)
1. The software vulnerability detection method based on the quantum neural network is characterized by comprising the following steps:
step 1: positioning an API function in a target program to be detected;
step 2: slicing the target program to be detected according to the API function to obtain a plurality of code segments;
and step 3: standardizing variable names and/or function names in each code segment;
and 4, step 4: constructing a dictionary based on the standardized code segments, then coding each word in the dictionary according to a binary coding mode to obtain a binary vector corresponding to each word, and then carrying out quantum state angle coding on the binary vector corresponding to each word to obtain a quantum state corresponding to each word;
and 5: inputting the quantum state corresponding to each word into a trained software vulnerability detection model based on a quantum neural network to obtain a vulnerability in the target program to be detected; the structure of the quantum neural network model comprises three parts: the first part is an encoding circuit for quantum state preparation, which is composed of a series of non-adaptive quantum gates; the second part is an ansatz line consisting of a series of quantum gates with adaptive parameters; the third part is a measuring circuit for extracting output; in the process of training a quantum neural network model to obtain a trained software vulnerability detection model based on the quantum neural network, a unitary transformation of the coding line is represented by a formula (1):
wherein the content of the first and second substances,a unitary transform representing a line encoding a single word,irepresenting the second in a binary vectoriThe number of bits is set to be,which is indicative of the number of qubits,representing the line parameters that encode a single word,a product of a set of tensors is represented,to representDoor operation;
the unitary transform of the ansatz line is represented by equation (2):
wherein, the first and the second end of the pipe are connected with each other,U(theta) to represent a unitary transformation of an ansatz line on a single word,i 1 、i 2 、i 3 、i 4 、i 5 respectively represent the first in quantum state datai 1 、i 2 、i 3 、i 4 、i 5 A sub-set of bits of the quantum bit,CXdenotes a CNOT gate, theta denotes a unitary matrix adjustable parameter for learning,representDoor operation;
the unitary transformation for each word in the current code segment is implemented using equation (3):
based on the formula (3), the quantum state corresponding to each word in the current code segment after being processed is measured by adopting a formula (4):
based on the formula (3), the unitary transformation of the whole quantum circuit corresponding to the current code segment is realized by adopting a formula (5)And based on the formula (4) and the formula (5), the final state of the whole quantum line corresponding to the processed current code segment is measured by adopting the formula (6):
Wherein the content of the first and second substances,jis shown asjThe number of the individual words is,a unitary transform representing the entire quantum wire to which the current code segment corresponds,representing a unitary transformation when processing a single word in a code segment,Hshowing a Hadamard gate and a method of,representing the quantum state of a quantum wire after processing a single word in a code segment,represents the initial state of the whole quantum wire corresponding to the code segment,l max is the maximum length of a code segment,andrespectively represent the first in the code segmentl max Of a single wordAnd, andrespectively representing the 1 st word in a code segmentAnd,andrespectively representing the 2 nd word in the code segmentAnd。
2. the quantum neural network-based software vulnerability detection method according to claim 1, wherein the training process of the quantum neural network-based software vulnerability detection model comprises:
step A1: collecting a program with known vulnerability information as a training program;
step A2: locating an API function in the training program;
step A3: slicing the training program according to the API function to obtain a plurality of code segments;
step A4: judging whether each code segment has a bug, and respectively setting different labels for the code segments with the bugs and the code segments without the bugs;
step A5: standardizing variable names and/or function names in each code segment;
step A6: constructing a dictionary based on the plurality of standardized code segments, then coding each word in the dictionary according to a binary coding mode to obtain a binary vector corresponding to each word, and then carrying out quantum state angle coding on the binary vector corresponding to each word to obtain a quantum state corresponding to each word;
step A7: dividing all code segments into a training set and a verification set, inputting the quantum state data of each code segment in the training set and a corresponding label into a quantum neural network model for training, testing the trained quantum neural network model by adopting the quantum state data of each code segment in the verification set, and taking the quantum neural network model with the test result meeting the given performance requirement as a trained software vulnerability detection model based on the quantum neural network.
3. The quantum neural network-based software vulnerability detection method according to claim 1, wherein the expectation of the measurement line output is calculated using formula (7):
4. Software vulnerability detection device based on quantum neural network, its characterized in that includes:
the positioning module is used for positioning the API function in the target program to be detected;
the slicing module is used for slicing the target program to be detected according to the API function to obtain a plurality of code segments;
the standardization module is used for standardizing variable names and/or function names in each code segment;
the encoding module is used for constructing a dictionary based on the standardized code segments, then encoding each word in the dictionary according to a binary encoding mode to obtain a binary vector corresponding to each word, and then performing quantum state angle encoding on the binary vector corresponding to each word to obtain a quantum state corresponding to each word;
the measuring module is used for inputting the quantum state corresponding to each word into a trained software vulnerability detection model based on a quantum neural network to obtain a vulnerability in the target program to be detected; the structure of the quantum neural network model comprises three parts: the first part is an encoding circuit for quantum state preparation, which is composed of a series of non-adaptive quantum gates; the second part is an ansatz line consisting of a series of quantum gates with adaptive parameters; the third part is a measuring circuit for extracting output;
in the process of training the quantum neural network model to obtain the trained software vulnerability detection model based on the quantum neural network,
the unitary transformation of the coded line is represented by equation (1):
wherein the content of the first and second substances,a unitary transform representing a line encoding a single word,irepresenting the first in a binary vectoriThe number of bits is set to be,which is indicative of the number of qubits,representing the line parameters that encode a single word,a product of a set of tensors is represented,to representDoor operation;
the unitary transform of the ansatz line is represented by equation (2):
wherein the content of the first and second substances,U(theta) to represent a unitary transformation of an ansatz line on a single word,i 1 、i 2 、i 3 、i 4 、i 5 respectively represent the first in quantum state datai 1 、i 2 、i 3 、i 4 、i 5 A sub-set of bits of the quantum bit,CXdenotes a CNOT gate, θRepresents the tunable parameters of the unitary matrix for learning,representDoor operation;
the unitary transformation for each word in the current code segment is implemented using equation (3):
based on the formula (3), the quantum state corresponding to each word in the current code segment after being processed is measured by adopting a formula (4):
based on the formula (3), the unitary transformation of the whole quantum circuit corresponding to the current code segment is realized by adopting a formula (5)And based on the formula (4) and the formula (5), the final state of the whole quantum line corresponding to the processed current code segment is measured by adopting the formula (6):
Wherein, the first and the second end of the pipe are connected with each other,jis shown asjThe number of the individual words is,a unitary transform representing the entire quantum wire to which the current code segment corresponds,representing a unitary transformation when processing a single word in a code segment,Ha Hadamard gate is shown and,representing the quantum state of a quantum wire after processing a single word in a code fragment,represents the initial state of the whole quantum wire corresponding to the code segment,is the maximum length of a code segment,andrespectively represent the first in the code segmentl max Of a wordAnd, andrespectively representing the 1 st word in a code segmentAnd,andrespectively representing the 2 nd word in a code segmentAnd。
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210367516.4A CN114676437B (en) | 2022-04-08 | 2022-04-08 | Software vulnerability detection method and device based on quantum neural network |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210367516.4A CN114676437B (en) | 2022-04-08 | 2022-04-08 | Software vulnerability detection method and device based on quantum neural network |
Publications (2)
Publication Number | Publication Date |
---|---|
CN114676437A CN114676437A (en) | 2022-06-28 |
CN114676437B true CN114676437B (en) | 2023-01-20 |
Family
ID=82078598
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210367516.4A Active CN114676437B (en) | 2022-04-08 | 2022-04-08 | Software vulnerability detection method and device based on quantum neural network |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114676437B (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN115632660B (en) * | 2022-12-22 | 2023-03-17 | 山东海量信息技术研究院 | Data compression method, device, equipment and medium |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107885999A (en) * | 2017-11-08 | 2018-04-06 | 华中科技大学 | A kind of leak detection method and system based on deep learning |
WO2021223974A1 (en) * | 2020-05-06 | 2021-11-11 | International Business Machines Corporation | Quantum computing machine learning for security threats |
CN113792881A (en) * | 2021-09-17 | 2021-12-14 | 北京百度网讯科技有限公司 | Model training method and device, electronic device and medium |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110222512B (en) * | 2019-05-21 | 2021-04-20 | 华中科技大学 | Software vulnerability intelligent detection and positioning method and system based on intermediate language |
CN114254323A (en) * | 2021-11-11 | 2022-03-29 | 中国人民解放军战略支援部队信息工程大学 | Software vulnerability analysis method and system based on PCODE and Bert |
-
2022
- 2022-04-08 CN CN202210367516.4A patent/CN114676437B/en active Active
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107885999A (en) * | 2017-11-08 | 2018-04-06 | 华中科技大学 | A kind of leak detection method and system based on deep learning |
WO2021223974A1 (en) * | 2020-05-06 | 2021-11-11 | International Business Machines Corporation | Quantum computing machine learning for security threats |
CN113792881A (en) * | 2021-09-17 | 2021-12-14 | 北京百度网讯科技有限公司 | Model training method and device, electronic device and medium |
Non-Patent Citations (4)
Title |
---|
A hybrid classical-quantum work;Lee J. O"Riordan等;《arXiv》;20200412;第1-13页 * |
Classification with Quantum Machine Learning:;Zainab Abohashima 等;《arXiv》;20200622;第1-16页 * |
基于混合量子−经典神经网络模型的股价预测;张晓旭 等;《电子科技大学学报》;20220131;第16-23页 * |
量子神经网络在自然语言处理中的应用;lvmingfu;《https://gitee.com/mindspore/docs/blob/r1.5/docs/mindquantum/docs/source_zh_cn/qnn_for_nlp.ipynb》;20211222;第1-4页 * |
Also Published As
Publication number | Publication date |
---|---|
CN114676437A (en) | 2022-06-28 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US20210209410A1 (en) | Method and apparatus for classification of wafer defect patterns as well as storage medium and electronic device | |
CN112001498B (en) | Data identification method and device based on quantum computer and readable storage medium | |
WO2019169719A1 (en) | Automatic abstract extraction method and apparatus, and computer device and storage medium | |
CN109977014B (en) | Block chain-based code error identification method, device, equipment and storage medium | |
CN114676437B (en) | Software vulnerability detection method and device based on quantum neural network | |
CN114821217B (en) | Image recognition method and device based on quantum classical hybrid neural network | |
CN114047929B (en) | Knowledge enhancement-based user defined function identification method, device and medium | |
CN111279369A (en) | Short depth circuit as quantum classifier | |
WO2017132545A1 (en) | Systems and methods for generative learning | |
CN113111908A (en) | BERT (binary inverse transcription) anomaly detection method and equipment based on template sequence or word sequence | |
CN113886550A (en) | Question-answer matching method, device, equipment and storage medium based on attention mechanism | |
CN114358319A (en) | Machine learning framework-based classification method and related device | |
Li et al. | Sub-selective quantization for large-scale image search | |
WO2023231511A1 (en) | Quantum data loading method and apparatus, device, and readable storage medium | |
CN115130110B (en) | Vulnerability discovery method, device, equipment and medium based on parallel integrated learning | |
CN116595537A (en) | Vulnerability detection method of generated intelligent contract based on multi-mode features | |
CN116910657A (en) | Fault diagnosis method and equipment based on unsupervised learning | |
CN114764619B (en) | Convolution operation method and device based on quantum circuit | |
CN114974405A (en) | Quantum GNN-based binding energy prediction method | |
CN115328753A (en) | Fault prediction method and device, electronic equipment and storage medium | |
CN113420869A (en) | Translation method based on omnidirectional attention and related equipment thereof | |
KR102459816B1 (en) | Method for completing low-rank matrix with self-expressiveness | |
Placidi et al. | MNISQ: A Large-Scale Quantum Circuit Dataset for Machine Learning on/for Quantum Computers in the NISQ era | |
WO2022045938A1 (en) | Solving a system of linear equations | |
US20220366314A1 (en) | Quantum Computing Device in a Support Vector Machine Algorithm |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |