融合静态和动态信息特征的代码漏洞检测研究

打开文本图片集

中图分类号：TN919-34；TP311 文献标识码：A 文章编号：1004-373X（2026）07-0074-09

引用格式：.融合静态和动态信息特征的代码漏洞检测研究[J].现代电子技术，2026，49（7）：74-82.

Abstract：Inviewofthefacthatthe solutions toDL-basedlearning programrepresentationcannotcapturedeepandaccurate programsemanticinformation，resulting infalsepositiveduringprediction，thispaperproposesamodelCL-Mamba which combinescontrastive learning andMamba.This modeloptimizes thecodesemanticrepresentationand contextunderstanding capabilitiesbyintegratingstaticinformationsuchasabstractsyntaxtree（AST），data-flowgraph（DFG），andcontrol-flowgaph （CFG）withdynamic informationof symbolic execution paths，and combining contrastivelearningandMambaarchitecture. Unsupervisedactivelearningtechnologyisusedtodeterminethesubsetof importantpathsforcolectingdynamicsymbolic executiontrajectories，soastoreducetheoverheadofsymbolicexecution.Themodelperformanceisverifiedexperimentallon threedatasetsandcomparedwithmultiplemethods，whichprovesthattheproposedmodelhassignificantadvantagesin eliminatingfalsepositiveandimprovingdetectionaccuracy.Tosumup，thismethodisaneficientsoftwaresecurityanalysistool.

Keywords：Javacodevulnerability detection;deep learning;Mamba;active learning; contrastive learning;path selection

0 引言

近年来，深度学习（DL）技术已经慢慢变成开发高效工具和模型的关键方法，这些工具和模型专门用来发现软件里那些常见的错误跟安全漏洞。（剩余15104字）