Abstract: With the wide adoption of open source software, the security of open source components has become a problem that software development cannot ignore. In this paper, building on research into deep learning algorithms, the deep reinforcement learning algorithm DQN is proposed, and the DQN-LightGBM model is constructed by combining it with LightGBM classifiers to achieve better mining performance. The model further introduces an attention mechanism and a BiLSTM network, from which the TextACBL vulnerability identification algorithm is proposed. Finally, the performance of the open source component vulnerability mining model is evaluated to investigate its impact on vulnerability identification, risk assessment, and dependency analysis of open source components. The results show that the DQN-LightGBM model scores above 0.9 in accuracy, checking accuracy, checking completeness, AUC value, and F1, and that its mining completion time is only 54 s, the best among the compared models. The accuracy of the TextACBL model in identifying vulnerability types is above 94%, and the danger levels of the seven items measured are high, low, high, high, high, medium, high, and medium risk, respectively. The global graph features of the identified normal and vulnerability samples differ clearly, and the opcode probability graphs of the vulnerability samples show frequent dependencies. This study enables the assessment of the security risks of open source components and supports comprehensive, accurate, and efficient dependency analysis.