基于深度学习的Python密码学误用检测与修复方法的研究与实现

ue to the rapid development of information technology, social anxiety about information security is also increasing day by day, the misuse of cryptography seriously threatens the security of software and information transmission, and then leads to personal information leakage and other social information security problems. In the face of the growing needs of cryptography security, a method that can detect misapplication of cryptography becomes more and more important, but the traditional misapplication detection method of cryptography has problems of low efficiency and poor generalization ability. In addition, existing researches on cryptography misuse detection are mainly aimed at C and Java languages, while researches on Python cryptography misuse detection are very limited. Due to the rapid development of deep learning, the source code detection technology based on this technology has been rapidly developed. However, the existing source code cryptography misuse detection technology based on deep learning does not utilize the structural information in the code, and the input of the deep learning model based on graph neural network is different from previous studies. How to represent the code graph data is also the direction of research. Therefore, this paper proposes a representation method of Python code graph and a misuse detection method of Python cryptography based on graph neural network from two aspects: feature representation of source code graph and design of cryptography misuse detection method. Through the Python code graph representation method, the node information in the graph is enriched, so that the graph neural network model can obtain more abundant source code structure. The application of multilayer graph pooling layer in the Python cryptography misapplication detection method based on graph neural network improves the importance of key information in the code graph data in the whole graph characteristics, and thus improves the performance of model detection of Python cryptography misapplication. In this paper, the misuse of weak encryption and weak hash algorithm in the misuse of Python cryptography is used to construct the Python cryptography misuse data set, and based on this data set, the detection and repair methods proposed in this paper are compared and ablation experiments are conducted, and the feasibility of the two methods is verified through the experimental results.