CN114676437B - Software vulnerability detection method and device based on quantum neural network - Google Patents

Software vulnerability detection method and device based on quantum neural network Download PDF

Info

Publication number
CN114676437B
CN114676437B CN202210367516.4A CN202210367516A CN114676437B CN 114676437 B CN114676437 B CN 114676437B CN 202210367516 A CN202210367516 A CN 202210367516A CN 114676437 B CN114676437 B CN 114676437B
Authority
CN
China
Prior art keywords
quantum
word
code segment
neural network
formula
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202210367516.4A
Other languages
Chinese (zh)
Other versions
CN114676437A (en
Inventor
单征
周鑫
庞建民
王俊超
岳峰
夏冰
舒国强
刘福东
刘文甫
许瑾晨
郭佳郁
赵博
宋智辉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Information Engineering University of PLA Strategic Support Force
Original Assignee
Information Engineering University of PLA Strategic Support Force
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Information Engineering University of PLA Strategic Support Force filed Critical Information Engineering University of PLA Strategic Support Force
Priority to CN202210367516.4A priority Critical patent/CN114676437B/en
Publication of CN114676437A publication Critical patent/CN114676437A/en
Application granted granted Critical
Publication of CN114676437B publication Critical patent/CN114676437B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577Assessing vulnerabilities and evaluating computer system security
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N10/00Quantum computing, i.e. information processing based on quantum-mechanical phenomena
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N20/00Machine learning
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00Energy efficient computing, e.g. low power processors, power management or thermal management

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Evolutionary Computation (AREA)
  • Artificial Intelligence (AREA)
  • Mathematical Physics (AREA)
  • Data Mining & Analysis (AREA)
  • Computational Mathematics (AREA)
  • Mathematical Analysis (AREA)
  • Mathematical Optimization (AREA)
  • Pure & Applied Mathematics (AREA)
  • Condensed Matter Physics & Semiconductors (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Medical Informatics (AREA)
  • Image Analysis (AREA)

Abstract

The invention provides a software vulnerability detection method and device based on a quantum neural network. The method comprises the following steps: step 1: positioning an API function in a target program to be detected; and 2, step: slicing the target program to be detected according to the API function to obtain a plurality of code segments; and step 3: standardizing variable names and/or function names in each code segment; and 4, step 4: constructing a dictionary based on the plurality of standardized code segments, then coding each word in the dictionary according to a binary coding mode to obtain a binary vector corresponding to each word, and then carrying out quantum state angle coding on the binary vector corresponding to each word to obtain a quantum state corresponding to each word; and 5: and inputting the quantum state corresponding to each word into a trained software vulnerability detection model based on a quantum neural network to obtain the vulnerability in the target program to be detected.

Description

Software vulnerability detection method and device based on quantum neural network
Technical Field
The invention relates to the technical field of quantum computing and network security, in particular to a software vulnerability detection method and device based on a quantum neural network.
Background
With the rapid development and popularization of networks, network security is still a key problem to be solved urgently in the industry. Software vulnerability detection has been studied as a core problem of network security, such as static analysis and dynamic analysis. With the advent of machine learning technology, machine learning-based software vulnerability detection has become a hotspot. Currently, the field mainly includes attribute-based software code measurement, code similarity detection, and the like.
Although classical machine learning has proven to be suitable for software vulnerability detection, the study has certain limitations, mainly manifested in the following areas: (1) The software vulnerability characteristics are defined depending on security experts, only known vulnerability information can be mined, and because unknown vulnerability information cannot be mined in an actual application environment, the application range is relatively limited; (2) The vulnerability detection capability based on the neural network is in direct proportion to the scale of the training data, and the training cost of the neural network is increased due to the expansion of the training data; (3) The memory storage space required by large-scale neural network training is also extremely large, and the expansion of the structure of the classical neural network can cause the storage performance bottleneck of the classical computer.
Disclosure of Invention
The invention provides a software vulnerability detection method and device based on a quantum neural network, aiming at the problem that software vulnerability detection based on classical machine learning has certain limitation.
In one aspect, the invention provides a software vulnerability detection method based on a quantum neural network, which comprises the following steps:
step 1: positioning an API function in a target program to be detected;
and 2, step: slicing the target program to be detected according to the API function to obtain a plurality of code segments;
and step 3: standardizing variable names and/or function names in each code segment;
and 4, step 4: constructing a dictionary based on the plurality of standardized code segments, then coding each word in the dictionary according to a binary coding mode to obtain a binary vector corresponding to each word, and then carrying out quantum state angle coding on the binary vector corresponding to each word to obtain a quantum state corresponding to each word;
and 5: and inputting the quantum state corresponding to each word into a trained software vulnerability detection model based on a quantum neural network to obtain the vulnerability in the target program to be detected.
Further, the training process of the quantum neural network-based software vulnerability detection model comprises the following steps:
step A1: collecting a program with known vulnerability information as a training program;
step A2: locating an API function in the training program;
step A3: slicing the training program according to the API function to obtain a plurality of code segments;
step A4: judging whether each code segment has a bug or not, and setting different labels for the code segments with the bug and the code segments without the bug respectively;
step A5: standardizing variable names and/or function names in each code segment;
step A6: constructing a dictionary based on the plurality of standardized code segments, then coding each word in the dictionary according to a binary coding mode to obtain a binary vector corresponding to each word, and then carrying out quantum state angle coding on the binary vector corresponding to each word to obtain a quantum state corresponding to each word;
step A7: dividing all code segments into a training set and a verification set, inputting quantum state data of each code segment in the training set and a corresponding label into a quantum neural network model for training, testing the trained quantum neural network model by adopting the quantum state data of each code segment in the verification set, and taking the quantum neural network model with a test result meeting given performance requirements as a trained software vulnerability detection model based on the quantum neural network.
Further, the structure of the quantum neural network model comprises three parts: the first part is a coding circuit for quantum state preparation, which is composed of a series of non-adaptive quantum gates; the second part is an ansatz line consisting of a series of quantum gates with adaptive parameters; the third part is a measurement line for extracting the output.
Further, the unitary transform of the coded line is represented by equation (1):
Figure BDA0003587726290000021
wherein, U enc (α) denotes a unitary transform of a coding line for a single word, i denotes the ith bit in a binary vector, n q Representing the number of qubits, alpha representing a line parameter encoding a single word,
Figure BDA0003587726290000022
the tensor product is represented.
Further, the unitary transform of the ansatz line is represented by equation (2):
Figure BDA0003587726290000031
wherein U (theta) represents a pairUnitary transformation of single words on ansatz lines, i 1 、i 2 、i 3 、i 4 、i 5 Respectively represent the ith in quantum state data 1 、i 2 、i 3 、i 4 、i 5 Quantum bits, CX denotes a CNOT gate, and θ denotes a unitary matrix adjustable parameter for learning.
Further, the processing process of the quantum neural network model on a single code segment specifically includes:
based on the formula (1) and the formula (2), implementing unitary transformation of each word in the current code segment using formula (3):
U sw =U(θ)U enc (α) (3)
based on the formula (3), the quantum state corresponding to each word in the current code segment after being processed is measured by adopting a formula (4):
Figure BDA0003587726290000032
based on the formula (3), the unitary transformation U of the whole quantum circuit corresponding to the current code segment is realized by adopting a formula (5) oval And based on the formula (4) and the formula (5), the final state of the whole quantum line corresponding to the processed current code segment is measured by adopting the formula (6)
Figure BDA0003587726290000033
Figure BDA0003587726290000034
Figure BDA0003587726290000035
Wherein j represents the jth word, U oval Unitary transformation, U, representing an overall quantum line corresponding to a current code segment sw Representing a single sheet in a code fragmentUnitary transformation in word processing, H denotes a Hadamard gate,
Figure BDA0003587726290000036
representing the quantum state of a quantum wire after processing a single word in a code segment,
Figure BDA0003587726290000037
indicating the initial state of the whole quantum line corresponding to the code segment max Is the maximum length of a code segment
Figure BDA0003587726290000041
And
Figure BDA0003587726290000042
respectively represent the l-th of the code segment max U (theta) and U of a word enc (α)。
Further, the expectation of the measured line output is calculated using equation (7):
Figure BDA0003587726290000043
wherein Z represents a Hamiltonian, Z represents a Poyley matrix, and I represents an identity matrix.
In another aspect, the present invention provides a software vulnerability detection apparatus based on a quantum neural network, including:
the positioning module is used for positioning the API function in the target program to be detected;
the slicing module is used for slicing the target program to be detected according to the API function to obtain a plurality of code segments;
the standardization module is used for standardizing variable names and/or function names in each code segment;
the encoding module is used for constructing a dictionary based on the standardized code segments, then encoding each word in the dictionary according to a binary encoding mode to obtain a binary vector corresponding to each word, and then performing quantum state angle encoding on the binary vector corresponding to each word to obtain a quantum state corresponding to each word;
and the measuring module is used for inputting the quantum state corresponding to each word into a trained software vulnerability detection model based on the quantum neural network to obtain the vulnerability in the target program to be detected.
Further, the structure of the quantum neural network model comprises three parts: the first part is a coding circuit for quantum state preparation, which is composed of a series of non-adaptive quantum gates; the second part is an ansatz line consisting of a series of quantum gates with adaptive parameters; the third part is the measurement circuitry for extracting the output.
The invention has the beneficial effects that:
the invention provides a software vulnerability detection device based on a quantum neural network, which effectively relieves the memory bottleneck problem existing in classical calculation. In addition, the capacity of the classical neural network is limited by the size of training data, the upper limit of vulnerability detection capacity is greatly influenced, and the quantum parallelism enables the quantum neural network to have natural advantages in data processing, so that more accurate vulnerability detection can be realized.
Drawings
Fig. 1 is a schematic flowchart of a software vulnerability detection method based on a quantum neural network according to an embodiment of the present invention;
fig. 2 is a schematic diagram of a training process of a quantum neural network-based software vulnerability detection model according to an embodiment of the present invention;
fig. 3 is a schematic diagram of API function positioning, code slicing and normalization processes according to vulnerability indication information according to an embodiment of the present invention;
fig. 4 is a schematic structural diagram of a quantum neural network provided in an embodiment of the present invention;
fig. 5 is a schematic structural diagram of a software vulnerability detection apparatus based on a quantum neural network according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly described below with reference to the accompanying drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Example 1
As shown in fig. 1, an embodiment of the present invention provides a software vulnerability detection method based on a quantum neural network, including the following steps:
s101: positioning an API function in a target program to be detected;
specifically, in order to increase the positioning speed, before performing step S101, a target program to be detected may be preprocessed, specifically: and deleting the non-ASCII characters and the comments in the source code of the target program to be detected.
S102: slicing the target program to be detected according to the API function to obtain a plurality of code segments;
specifically, the slicing process is illustrated in the following with reference to fig. 3, and is not described herein again.
It should be noted that the API function call is divided into a forward API function call and a backward API function call. A forward API call refers to API parameters that receive data directly from a socket, while a backward API call refers to API parameters that do not receive data directly from a socket, such as a stack length setting. For forward API function calls, the uncontrollable input source of API parameters is more important. Parameter setting passing is more important for backward API function calls.
S103: standardizing variable names and/or function names in each code segment;
specifically, the variable names are normalized to "VAR1", "VAR2", and the like in the order of appearance in units of code fragments. Meanwhile, function names are normalized to "FUN1", "FUN2", and the like in the order of appearance. Therefore, the generalization capability of the model can be improved, and the quantum neural network can learn the reason of the vulnerability instead of learning the reason of the specific API function call.
S104: constructing a dictionary based on the standardized code segments, then coding each word in the dictionary according to a binary coding mode to obtain a binary vector corresponding to each word, and then carrying out quantum state angle coding on the binary vector corresponding to each word to obtain a quantum state corresponding to each word;
specifically, the process of performing quantum state angle coding on the word vector corresponding to each word to obtain the quantum state corresponding to each word is performed by applying a set of unitary matrix calculation (see formula (1) below), and the parameters of the unitary matrix calculation are determined by the binary vector obtained by binary coding. This step can use log by using binary coding and angle coding 2 N quantum bits are used for representing dictionary information containing N words, and the advantages of quantum computing are fully exerted.
S105: and inputting the quantum state corresponding to each word into a trained software vulnerability detection model based on a quantum neural network to obtain the vulnerability in the target program to be detected.
The embodiment of the invention roughly defines the concept of software bugs as an uncontrollable input source and dangerous program call. And taking the API function call as a research object, slicing the vulnerability triggering key points, and slicing the related codes to form code segments. The method comprises the steps of performing word segmentation coding on the quantum circuit, inputting the word segmentation coding into a quantum neural network for calculation, measuring a Hamiltonian expected value of a final state of the quantum circuit, and realizing vulnerability detection based on the quantum neural network. It is well known that the capabilities of classical neural networks are limited by the size of the training data, which greatly affects the upper bound of vulnerability detection capabilities. The embodiment of the invention combines quantum computation, and effectively solves the problem of memory bottleneck existing in the classical neural network.
On the basis of the foregoing embodiment, as an implementable manner, as shown in fig. 2, the training process of the quantum neural network-based software vulnerability detection model includes:
step A1: collecting a program with known vulnerability information as a training program;
step A2: locating an API function in the training program;
step A3: slicing the training program according to the API function to obtain a plurality of code segments;
step A4: judging whether each code segment has a bug, and respectively setting different labels for the code segments with the bugs and the code segments without the bugs;
specifically, each code segment is labeled according to vulnerability indicating information (such as vulnerability description of the SARD data set). If the code segment has a bug, marking the code segment as 1; otherwise, it is marked 0.
Step A5: standardizing variable names and/or function names in each code segment;
for example, fig. 3 is a schematic diagram illustrating API function locating, slicing and normalizing processes performed on a target program according to vulnerability indication information. The black bold part in the upper left corner picture in fig. 3 is vulnerability indicating information, according to the vulnerability indicating information, memcpy in the lower left corner picture (source code) can be located, then the upper right corner picture is obtained by slicing, and the lower right corner picture can be obtained by standardizing the content in the upper right corner picture.
Step A6: constructing a dictionary based on the standardized code segments, then coding each word in the dictionary according to a binary coding mode to obtain a binary vector corresponding to each word, and then carrying out quantum state angle coding on the binary vector corresponding to each word to obtain a quantum state corresponding to each word;
step A7: dividing all code segments into a training set (a training program shown in figure 2) and a verification set (a test program shown in figure 2), inputting quantum state data and corresponding labels of each code segment in the training set into a quantum neural network model for training, testing the trained quantum neural network model by adopting the quantum state data of each code segment in the verification set, taking the quantum neural network model with a test result meeting given performance requirements as a trained software vulnerability detection model based on the quantum neural network, and then performing software vulnerability detection on a target program based on the trained software vulnerability detection model based on the quantum neural network.
On the basis of the above embodiments, as an implementation manner, as shown in fig. 4, the structure of the quantum neural network model includes three parts: the first part is an encoding circuit for quantum state preparation, which is composed of a series of non-adaptive quantum gates; the second part is an ansatz line composed of a series of quantum gates with adaptive parameters; the third part is a measuring circuit for extracting output;
wherein the first portion comprises a series of Hadamard gates and a series of R respectively connected to the series of Hadamard gates x A door; wherein the Hadamard gate is configured to place the quantum states of the individual words into a superposition state, and the R x The gate is used to perform an angular rotation of the qubit, i.e. a quantum state angular encoding, representing the binary vector of each word as a quantum state. It should be noted that, as shown in fig. 4, only the Hadamard gate is used in the first initial state superposition, and only R is used instead of the Hadamard gate in each subsequent iterative operation x And a door.
As an embodiment, the unitary transform of the coded line is represented by equation (1):
Figure BDA0003587726290000081
wherein, U enc (α) represents the unitary transformation of the line encoding a single word, i represents the ith bit in the binary vector, (e.g., the decimal representation of the word char in the dictionary is 6, and the number of quantum bits n used in this embodiment is n q Is 8, then char corresponds to binary vector 00000110, i represents the ith bit in the binary vector), n q Representing the number of qubits, alpha representing a line parameter encoding a single word,
Figure BDA0003587726290000082
the tensor product is represented.
Using a series of said R by employing equation (1) x The encoding method of the gate rotating the quantum bit angle will not have the quantum entanglement, the classical information node is only replaced by the parameter quantum node.
As an implementable way, the unitary transform of the ansatz line is represented by equation (2):
Figure BDA0003587726290000083
where U (θ) represents a unitary transformation of an ansatz line on a single word, i 1 、i 2 、i 3 、i 4 、i 5 Respectively represent the ith in quantum state data 1 、i 2 、i 3 、i 4 、i 5 Quantum bits, CX denotes a CNOT gate, and θ denotes a unitary matrix adjustable parameter for learning.
As shown in FIG. 4, in a quantum wire, a word corresponds to a set of U' s sw All U of sw The processing process of the quantum neural network model on a single code segment based on the quantum line shown in fig. 4 specifically includes the following steps:
based on the formula (1) and the formula (2), implementing unitary transformation of each word in the current code segment by using formula (3):
U sw =U(θ)U enc (α) (3)
based on the formula (3), the quantum state corresponding to each word in the current code segment after being processed is measured by adopting a formula (4):
Figure BDA0003587726290000091
based on the formula (3), the unitary transformation U of the whole quantum circuit corresponding to the current code segment is realized by adopting a formula (5) oval And based on the formula (4) and the formula (5), the final state of the whole quantum line corresponding to the processed current code segment is measured by adopting the formula (6)
Figure BDA0003587726290000092
Figure BDA0003587726290000093
Figure BDA0003587726290000094
Where j denotes the jth word, U oval Unitary transformation, U, representing an overall quantum line corresponding to a current code segment sw Representing a unitary transform when processing a single word in a code segment, H representing a Hadamard gate,
Figure BDA0003587726290000095
representing the quantum state of a quantum wire after processing a single word in a code fragment,
Figure BDA0003587726290000096
indicating the initial state of the whole quantum line corresponding to the code segment max Is the maximum length of a code segment,
Figure BDA0003587726290000097
and
Figure BDA0003587726290000098
respectively representing the l-th code segment max U (theta) and U of a word enc (α)。
In particular, U sw For processing single words in code fragments, by pairing U sw Carry out l max After the computation iteration, the unitary transformation for the whole code segment process, i.e. the unitary transformation for the whole quantum wire, can be obtained.
From the above, the Ansatz line is a proposed line composed of a series of quantum gates with adaptive parameters, and the parameters in the line are adjustable (mostly, the angle of the rotating gate), and by constructing the loss function, the parameters in the Ansatz line are continuously adjusted until the loss function is reduced to convergence (at this time, the loss function reaches an optimal value or a suboptimal value), which means that the training process of the quantum neural network is completed.
As an implementable manner, the expectation of the measured line output is calculated using equation (7):
Figure BDA0003587726290000099
wherein Z represents a Hamiltonian, Z represents a Poyle matrix, I represents an identity matrix,
Figure BDA0003587726290000101
the tensor product is represented.
Specifically, based on the measurement of the expected value of the Hamiltonian of the final state of the quantum circuit, leak detection based on a quantum neural network is achieved.
Example 2
As shown in fig. 5, an embodiment of the present invention further provides a software vulnerability detection apparatus based on a quantum neural network, including: the device comprises a positioning module, a slicing module, a standardization module, a coding module and a measurement module; wherein:
the positioning module is used for positioning the API function in the target program to be detected. And the slicing module is used for slicing the target program to be detected according to the API function to obtain a plurality of code segments. The standardization module is used for standardizing variable names and/or function names in each code segment. The encoding module is used for constructing a dictionary based on the standardized code segments, then encoding each word in the dictionary according to a binary encoding mode to obtain a binary vector corresponding to each word, and then performing quantum state angle encoding on the binary vector corresponding to each word to obtain a quantum state corresponding to each word. And the measuring module is used for inputting the quantum state corresponding to each word into a trained software vulnerability detection model based on the quantum neural network to obtain the vulnerability in the target program to be detected.
As an implementation, the structure of the quantum neural network model includes three parts: the first part is an encoding circuit for quantum state preparation, which is composed of a series of non-adaptive quantum gates; the second part is an ansatz line consisting of a series of quantum gates with adaptive parameters; the third part is a measurement line for extracting the output.
Although the vulnerability mining based on the classical machine learning has related work, the detection capability is in direct proportion to the size of the training data. As more information is added to the neural network, both training time and memory consumption of the learning phase increase. By utilizing quantum mechanical properties (e.g., superposition and entanglement of quantum states), the quantum neural network can process such classical information during the training process, thereby improving the accuracy of convergence. Therefore, the method provided by the invention not only verifies the feasibility of vulnerability mining based on the quantum neural network, but also shows the profound prospect of network security application based on the quantum neural network.
In the field of large-scale vulnerability detection, the length of a vulnerability program is longer, and a lexical structure is more complex. Experimental results show that in the field of vulnerability detection, the method and the device provided by the invention can effectively solve the problem of inconsistent input lengths of the quantum neural network. In addition, the method can fully exert the advantages of quantum computation and realize a vulnerability detection model at the cost of a small amount of measurement.
Finally, it should be noted that: the above examples are only intended to illustrate the technical solution of the present invention, and not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.

Claims (4)

1. The software vulnerability detection method based on the quantum neural network is characterized by comprising the following steps:
step 1: positioning an API function in a target program to be detected;
step 2: slicing the target program to be detected according to the API function to obtain a plurality of code segments;
and step 3: standardizing variable names and/or function names in each code segment;
and 4, step 4: constructing a dictionary based on the standardized code segments, then coding each word in the dictionary according to a binary coding mode to obtain a binary vector corresponding to each word, and then carrying out quantum state angle coding on the binary vector corresponding to each word to obtain a quantum state corresponding to each word;
and 5: inputting the quantum state corresponding to each word into a trained software vulnerability detection model based on a quantum neural network to obtain a vulnerability in the target program to be detected; the structure of the quantum neural network model comprises three parts: the first part is an encoding circuit for quantum state preparation, which is composed of a series of non-adaptive quantum gates; the second part is an ansatz line consisting of a series of quantum gates with adaptive parameters; the third part is a measuring circuit for extracting output; in the process of training a quantum neural network model to obtain a trained software vulnerability detection model based on the quantum neural network, a unitary transformation of the coding line is represented by a formula (1):
Figure DEST_PATH_IMAGE001
(1)
wherein the content of the first and second substances,
Figure 233868DEST_PATH_IMAGE002
a unitary transform representing a line encoding a single word,irepresenting the second in a binary vectoriThe number of bits is set to be,
Figure DEST_PATH_IMAGE003
which is indicative of the number of qubits,
Figure 556265DEST_PATH_IMAGE004
representing the line parameters that encode a single word,
Figure DEST_PATH_IMAGE005
a product of a set of tensors is represented,
Figure 838342DEST_PATH_IMAGE006
to represent
Figure 601899DEST_PATH_IMAGE006
Door operation;
the unitary transform of the ansatz line is represented by equation (2):
Figure DEST_PATH_IMAGE007
(2)
wherein, the first and the second end of the pipe are connected with each other,U(theta) to represent a unitary transformation of an ansatz line on a single word,i 1i 2i 3i 4i 5 respectively represent the first in quantum state datai 1i 2i 3i 4i 5 A sub-set of bits of the quantum bit,CXdenotes a CNOT gate, theta denotes a unitary matrix adjustable parameter for learning,
Figure 452174DEST_PATH_IMAGE008
represent
Figure 871654DEST_PATH_IMAGE008
Door operation;
the unitary transformation for each word in the current code segment is implemented using equation (3):
Figure 19739DEST_PATH_IMAGE009
(3)
based on the formula (3), the quantum state corresponding to each word in the current code segment after being processed is measured by adopting a formula (4):
Figure DEST_PATH_IMAGE010
(4)
based on the formula (3), the unitary transformation of the whole quantum circuit corresponding to the current code segment is realized by adopting a formula (5)
Figure DEST_PATH_IMAGE012
And based on the formula (4) and the formula (5), the final state of the whole quantum line corresponding to the processed current code segment is measured by adopting the formula (6)
Figure 168960DEST_PATH_IMAGE013
Figure DEST_PATH_IMAGE014
(5)
Figure 377088DEST_PATH_IMAGE015
(6)
Wherein the content of the first and second substances,jis shown asjThe number of the individual words is,
Figure DEST_PATH_IMAGE016
a unitary transform representing the entire quantum wire to which the current code segment corresponds,
Figure DEST_PATH_IMAGE018
representing a unitary transformation when processing a single word in a code segment,Hshowing a Hadamard gate and a method of,
Figure 861028DEST_PATH_IMAGE019
representing the quantum state of a quantum wire after processing a single word in a code segment,
Figure DEST_PATH_IMAGE020
represents the initial state of the whole quantum wire corresponding to the code segment,l max is the maximum length of a code segment,
Figure 875120DEST_PATH_IMAGE021
and
Figure DEST_PATH_IMAGE022
respectively represent the first in the code segmentl max Of a single word
Figure 816531DEST_PATH_IMAGE023
And
Figure DEST_PATH_IMAGE024
Figure 8609DEST_PATH_IMAGE025
and
Figure DEST_PATH_IMAGE026
respectively representing the 1 st word in a code segment
Figure 402681DEST_PATH_IMAGE023
And
Figure 626989DEST_PATH_IMAGE024
Figure 219645DEST_PATH_IMAGE027
and
Figure DEST_PATH_IMAGE028
respectively representing the 2 nd word in the code segment
Figure 97471DEST_PATH_IMAGE023
And
Figure 713260DEST_PATH_IMAGE024
2. the quantum neural network-based software vulnerability detection method according to claim 1, wherein the training process of the quantum neural network-based software vulnerability detection model comprises:
step A1: collecting a program with known vulnerability information as a training program;
step A2: locating an API function in the training program;
step A3: slicing the training program according to the API function to obtain a plurality of code segments;
step A4: judging whether each code segment has a bug, and respectively setting different labels for the code segments with the bugs and the code segments without the bugs;
step A5: standardizing variable names and/or function names in each code segment;
step A6: constructing a dictionary based on the plurality of standardized code segments, then coding each word in the dictionary according to a binary coding mode to obtain a binary vector corresponding to each word, and then carrying out quantum state angle coding on the binary vector corresponding to each word to obtain a quantum state corresponding to each word;
step A7: dividing all code segments into a training set and a verification set, inputting the quantum state data of each code segment in the training set and a corresponding label into a quantum neural network model for training, testing the trained quantum neural network model by adopting the quantum state data of each code segment in the verification set, and taking the quantum neural network model with the test result meeting the given performance requirement as a trained software vulnerability detection model based on the quantum neural network.
3. The quantum neural network-based software vulnerability detection method according to claim 1, wherein the expectation of the measurement line output is calculated using formula (7):
Figure 741259DEST_PATH_IMAGE029
(7)
wherein, the first and the second end of the pipe are connected with each other,Zthe amount of the hamiltonian is represented,za matrix of the pauli is represented,Ithe unit matrix is represented by a matrix of units,
Figure DEST_PATH_IMAGE030
representing a quantum state.
4. Software vulnerability detection device based on quantum neural network, its characterized in that includes:
the positioning module is used for positioning the API function in the target program to be detected;
the slicing module is used for slicing the target program to be detected according to the API function to obtain a plurality of code segments;
the standardization module is used for standardizing variable names and/or function names in each code segment;
the encoding module is used for constructing a dictionary based on the standardized code segments, then encoding each word in the dictionary according to a binary encoding mode to obtain a binary vector corresponding to each word, and then performing quantum state angle encoding on the binary vector corresponding to each word to obtain a quantum state corresponding to each word;
the measuring module is used for inputting the quantum state corresponding to each word into a trained software vulnerability detection model based on a quantum neural network to obtain a vulnerability in the target program to be detected; the structure of the quantum neural network model comprises three parts: the first part is an encoding circuit for quantum state preparation, which is composed of a series of non-adaptive quantum gates; the second part is an ansatz line consisting of a series of quantum gates with adaptive parameters; the third part is a measuring circuit for extracting output;
in the process of training the quantum neural network model to obtain the trained software vulnerability detection model based on the quantum neural network,
the unitary transformation of the coded line is represented by equation (1):
Figure 765584DEST_PATH_IMAGE031
(1)
wherein the content of the first and second substances,
Figure DEST_PATH_IMAGE032
a unitary transform representing a line encoding a single word,irepresenting the first in a binary vectoriThe number of bits is set to be,
Figure 424099DEST_PATH_IMAGE033
which is indicative of the number of qubits,
Figure DEST_PATH_IMAGE034
representing the line parameters that encode a single word,
Figure 917397DEST_PATH_IMAGE005
a product of a set of tensors is represented,
Figure 749087DEST_PATH_IMAGE035
to represent
Figure 988438DEST_PATH_IMAGE035
Door operation;
the unitary transform of the ansatz line is represented by equation (2):
Figure DEST_PATH_IMAGE036
(2)
wherein the content of the first and second substances,U(theta) to represent a unitary transformation of an ansatz line on a single word,i 1i 2i 3i 4i 5 respectively represent the first in quantum state datai 1i 2i 3i 4i 5 A sub-set of bits of the quantum bit,CXdenotes a CNOT gate, θRepresents the tunable parameters of the unitary matrix for learning,
Figure 880171DEST_PATH_IMAGE037
represent
Figure 345918DEST_PATH_IMAGE037
Door operation;
the unitary transformation for each word in the current code segment is implemented using equation (3):
Figure DEST_PATH_IMAGE038
(3)
based on the formula (3), the quantum state corresponding to each word in the current code segment after being processed is measured by adopting a formula (4):
Figure 918982DEST_PATH_IMAGE039
(4)
based on the formula (3), the unitary transformation of the whole quantum circuit corresponding to the current code segment is realized by adopting a formula (5)
Figure 340736DEST_PATH_IMAGE041
And based on the formula (4) and the formula (5), the final state of the whole quantum line corresponding to the processed current code segment is measured by adopting the formula (6)
Figure DEST_PATH_IMAGE042
Figure 465687DEST_PATH_IMAGE014
(5)
Figure 340102DEST_PATH_IMAGE043
(6)
Wherein, the first and the second end of the pipe are connected with each other,jis shown asjThe number of the individual words is,
Figure 716857DEST_PATH_IMAGE016
a unitary transform representing the entire quantum wire to which the current code segment corresponds,
Figure 727538DEST_PATH_IMAGE018
representing a unitary transformation when processing a single word in a code segment,Ha Hadamard gate is shown and,
Figure 538237DEST_PATH_IMAGE019
representing the quantum state of a quantum wire after processing a single word in a code fragment,
Figure 634369DEST_PATH_IMAGE020
represents the initial state of the whole quantum wire corresponding to the code segment,
Figure 549236DEST_PATH_IMAGE045
is the maximum length of a code segment,
Figure 680003DEST_PATH_IMAGE021
and
Figure 84439DEST_PATH_IMAGE022
respectively represent the first in the code segmentl max Of a word
Figure 995763DEST_PATH_IMAGE023
And
Figure 511058DEST_PATH_IMAGE024
Figure 699594DEST_PATH_IMAGE025
and
Figure 274932DEST_PATH_IMAGE026
respectively representing the 1 st word in a code segment
Figure 345656DEST_PATH_IMAGE023
And
Figure 477691DEST_PATH_IMAGE024
Figure 583051DEST_PATH_IMAGE027
and
Figure 63711DEST_PATH_IMAGE028
respectively representing the 2 nd word in a code segment
Figure 559414DEST_PATH_IMAGE023
And
Figure 682091DEST_PATH_IMAGE024
CN202210367516.4A 2022-04-08 2022-04-08 Software vulnerability detection method and device based on quantum neural network Active CN114676437B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210367516.4A CN114676437B (en) 2022-04-08 2022-04-08 Software vulnerability detection method and device based on quantum neural network

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210367516.4A CN114676437B (en) 2022-04-08 2022-04-08 Software vulnerability detection method and device based on quantum neural network

Publications (2)

Publication Number Publication Date
CN114676437A CN114676437A (en) 2022-06-28
CN114676437B true CN114676437B (en) 2023-01-20

Family

ID=82078598

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210367516.4A Active CN114676437B (en) 2022-04-08 2022-04-08 Software vulnerability detection method and device based on quantum neural network

Country Status (1)

Country Link
CN (1) CN114676437B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115632660B (en) * 2022-12-22 2023-03-17 山东海量信息技术研究院 Data compression method, device, equipment and medium

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107885999A (en) * 2017-11-08 2018-04-06 华中科技大学 A kind of leak detection method and system based on deep learning
WO2021223974A1 (en) * 2020-05-06 2021-11-11 International Business Machines Corporation Quantum computing machine learning for security threats
CN113792881A (en) * 2021-09-17 2021-12-14 北京百度网讯科技有限公司 Model training method and device, electronic device and medium

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110222512B (en) * 2019-05-21 2021-04-20 华中科技大学 Software vulnerability intelligent detection and positioning method and system based on intermediate language
CN114254323A (en) * 2021-11-11 2022-03-29 中国人民解放军战略支援部队信息工程大学 Software vulnerability analysis method and system based on PCODE and Bert

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107885999A (en) * 2017-11-08 2018-04-06 华中科技大学 A kind of leak detection method and system based on deep learning
WO2021223974A1 (en) * 2020-05-06 2021-11-11 International Business Machines Corporation Quantum computing machine learning for security threats
CN113792881A (en) * 2021-09-17 2021-12-14 北京百度网讯科技有限公司 Model training method and device, electronic device and medium

Non-Patent Citations (4)

* Cited by examiner, † Cited by third party
Title
A hybrid classical-quantum work;Lee J. O"Riordan等;《arXiv》;20200412;第1-13页 *
Classification with Quantum Machine Learning:;Zainab Abohashima 等;《arXiv》;20200622;第1-16页 *
基于混合量子−经典神经网络模型的股价预测;张晓旭 等;《电子科技大学学报》;20220131;第16-23页 *
量子神经网络在自然语言处理中的应用;lvmingfu;《https://gitee.com/mindspore/docs/blob/r1.5/docs/mindquantum/docs/source_zh_cn/qnn_for_nlp.ipynb》;20211222;第1-4页 *

Also Published As

Publication number Publication date
CN114676437A (en) 2022-06-28

Similar Documents

Publication Publication Date Title
US20210209410A1 (en) Method and apparatus for classification of wafer defect patterns as well as storage medium and electronic device
CN112001498B (en) Data identification method and device based on quantum computer and readable storage medium
WO2019169719A1 (en) Automatic abstract extraction method and apparatus, and computer device and storage medium
CN109977014B (en) Block chain-based code error identification method, device, equipment and storage medium
CN114676437B (en) Software vulnerability detection method and device based on quantum neural network
CN114821217B (en) Image recognition method and device based on quantum classical hybrid neural network
CN114047929B (en) Knowledge enhancement-based user defined function identification method, device and medium
CN111279369A (en) Short depth circuit as quantum classifier
WO2017132545A1 (en) Systems and methods for generative learning
CN113111908A (en) BERT (binary inverse transcription) anomaly detection method and equipment based on template sequence or word sequence
CN113886550A (en) Question-answer matching method, device, equipment and storage medium based on attention mechanism
CN114358319A (en) Machine learning framework-based classification method and related device
Li et al. Sub-selective quantization for large-scale image search
WO2023231511A1 (en) Quantum data loading method and apparatus, device, and readable storage medium
CN115130110B (en) Vulnerability discovery method, device, equipment and medium based on parallel integrated learning
CN116595537A (en) Vulnerability detection method of generated intelligent contract based on multi-mode features
CN116910657A (en) Fault diagnosis method and equipment based on unsupervised learning
CN114764619B (en) Convolution operation method and device based on quantum circuit
CN114974405A (en) Quantum GNN-based binding energy prediction method
CN115328753A (en) Fault prediction method and device, electronic equipment and storage medium
CN113420869A (en) Translation method based on omnidirectional attention and related equipment thereof
KR102459816B1 (en) Method for completing low-rank matrix with self-expressiveness
Placidi et al. MNISQ: A Large-Scale Quantum Circuit Dataset for Machine Learning on/for Quantum Computers in the NISQ era
WO2022045938A1 (en) Solving a system of linear equations
US20220366314A1 (en) Quantum Computing Device in a Support Vector Machine Algorithm

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant