Jianlei Chi scite author profile

Software vulnerabilities are now reported at an unprecedented speed due to the recent development of automated vulnerability hunting tools. However, fixing vulnerabilities still mainly depends on programmers' manual efforts. Developers need to deeply understand the vulnerability and try to affect the system's functions as little as possible. In this paper, with the advancement of Neural Machine Translation (NMT) techniques, we provide a novel approach called SeqTrans to exploit historical vulnerability fixes to provide suggestions and automatically fix the source code. To capture the contextual information around the vulnerable code, we propose to leverage data flow dependencies to construct code sequences and fed them into the state-of-the-art transformer model. Attention and copy mechanisms are both exploited in SeqTrans. We evaluate SeqTrans on both single line and multiple line vulnerability fixes on a dataset containing 1,282 commits that fix 624 vulnerabilities in 205 Java projects. Results show that the accuracy of SeqTrans can achieve 77.6% in single line fix and 52.5% in multiple line fix. In the meantime, we look deep inside the result and observe that NMT model performs very well in certain kinds of vulnerabilities like CWE-287 (Improper Authentication) and CWE-863 (Incorrect Authorization).

show abstract

Leveraging developer information for efficient effort-aware bug prediction

Chi

Yin

2021

Information and Software Technology

View full text Add to dashboard Cite

Behavior-aware Account De-anonymization on Ethereum Interaction Graph

Zhou¹,

Hu²,

Chi³

et al. 2022

Preprint

View full text Add to dashboard Cite

Test Case Prioritization Based on Method Call Sequences

Chi

Zheng

et al. 2018

View full text Add to dashboard Cite

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

hi@scite.ai

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Jianlei Chi

node2defect: using network embedding to improve software defect prediction

SeqTrans: Automatic Vulnerability Fix Via Sequence to Sequence Learning

Relation-based test case prioritization for regression testing

Using K-core Decomposition on Class Dependency Networks to Improve Bug Prediction Model's Practical Performance

SeqTrans: Automatic Vulnerability Fix via Sequence to Sequence Learning

Leveraging developer information for efficient effort-aware bug prediction

Behavior-aware Account De-anonymization on Ethereum Interaction Graph

Test Case Prioritization Based on Method Call Sequences

Contact Info

Product

Resources

About