A new semantic annotation approach for software vulnerability source code

An efficient semantic annotation approach is proposed to annotate software vulnerability source code based on the vulnerability code semantic description language (VCSDL) in this paper. A set of general annotation frameworks is proposed for two basic components: basic description information of vulnerability and vulnerability source code description information in the language. Specific annotation methods are studied for these two components, according to the annotation method of the basic description information of vulnerability. Also, the corresponding attribute in the VCSDL document structure is extracted to determine the labelling of the basic information of the vulnerability. While, according to the vulnerability source code information, the semantic annotation of the source code information of the vulnerability is implemented. The experimental results show that the proposed semantic annotation approach has a better effectiveness on the annotation of datasets with a simple code structure and a smaller scale. The success rate and accuracy of the proposed annotation are higher and the false positive rate and false negative rate are lower.