DouBiGRU-A: Software defect detection algorithm based on attention mechanism and double BiGRU
Computers & Security (IF 4.8), Pub Date: 2021-09-07, DOI: 10.1016/j.cose.2021.102459
Jinxiong Zhao, Sensen Guo, Dejun Mu

Software defects such as errors, bugs, and failures lead to poor usability and low efficiency, severely degrading the user experience. Bugs in the code are among the key areas of software defects. The exploitability of such vulnerabilities can bring about a series of security problems, such as user information leakage and network attacks. Most traditional solutions in software vulnerability detection rely on practical knowledge and experience for manual labeling and classification. Manual methods can effectively detect vulnerabilities with a high degree of attention, but those with a low degree of attention have relatively high false negative and false positive rates. Solutions based on software defect code data sets are available, which use deep learning to train software vulnerability identification models, reducing the dependence on manual knowledge and experience, but the precision rate (P) of the models and the F1 score are generally low. In this paper, based on the NVD and SARD data sets, we propose a software defect detection algorithm DouBiGRU-A that combines bidirectional gated recurrent unit (BiGRU) and an attention mechanism. In the experimental simulation, comparison with the Li-Method, bilateral long short-term memory (BiLSTM), BiGRU, and BiLSTM&Attention shows that on the CWE-399 data set, the P and F1 scores of DouBiGRU-A are 0.7% and 0.80% higher than the Li-Method, respectively. Moreover, in the CWE-399 data set, the P and F1 scores of DouBiGRU-A are 28.2% and 43.45% higher than the average values for Flawfinder and RATS, respectively. On the CWE-119 data set, the F1 score of DouBiGRU-A is 2.73% higher than the Li-Method; the P and F1 scores of DouBiGRU-A are 63.07% and 53.98% higher than the average values of Flawfinder and RATS, respectively. On the combined CWE-119&CWE-399 data set, the P and F1 scores of DouBiGRU-A are 5.22% and 4.29% higher than Li-Method, respectively. The P and F1 scores of DouBiGRU-A are 59.72% and 46.59% higher than the average values of Flawfinder and RATS, respectively.




Updated: 2021-09-24