System and method for automatically detecting a security vulnerability in a source code using a machine learning model

摘要

A method for (of) automatically detecting a security vulnerability in a source code using a machine learning model, characterized in that the method includes: obtaining the source code from a client codebase, wherein the client codebase is a complete or an incomplete body of the source code for a given software program or an application; and using a machine learning (ML) model to perform a ML based analysis on an abstract syntax tree (AST) for detecting a first security vulnerability over a static source code, the machine learning based analysis comprise (i) flattening the abstract syntax tree (AST) into a sequence of structured tokens, wherein the sequence of structured tokens includes a semantic structure and a syntactic structure of the source code, (ii) implementing a natural language processing technique on the sequence of structured tokens for mapping the sequence of structured tokens to one or more integers, (iii) pre-training the machine learning model using an unlabeled source code as an input to predict a subsequent sub-token in the sequence of structured tokens and (iv) training the machine learning model on a labeled source code to predict a presence or an absence of the first security vulnerability.