Abstract: Disclosed are a method and a system for bug localization based on a code knowledge graph, including the steps of: extracting source codes from a Git version control system, parsing in the source codes to generate an abstract syntax tree (AST), constructing a code knowledge graph, preprocessing the summary and description of a bug report crawled from a Bugzilla bug tracking system, and performing the named entity recognition to identify bug-related entity sequence, converting the code knowledge graph and the bug-related entity sequence into vector representation through an embedding algorithm, calculating cosine similarities of vector representations between the code knowledge graph and the bug entity sequence, ranking the similarities from high to low to generate a list of suspicious methods, filtering redundant information in the source codes, identifying bug-related entity elements in the bug report, and reserving the bug-related information.

Abstract: Provided is an automatic event graph construction method for multi-source vulnerability information. The method includes the following steps. A vulnerability report is crawled from a vulnerability database, a cause of vulnerability is taken as an event trigger word, and a vulnerability type is determined through the cause of vulnerability. An attacker, consequence, location and other information in a description are identified by named-entity recognition, and information completion is performed. An explicit relation between events is extracted by using text information, an implicit relation between events is extracted by using text similarity, and vulnerability-related code representation is performed. Obtained vulnerability event information is visualized into an event graph through a visualization tool.