2020
DOI: 10.48550/arxiv.2010.10805
Preprint

SeqTrans: Automatic Vulnerability Fix via Sequence to Sequence Learning

Abstract: Software vulnerabilities are now reported at an unprecedented speed due to the recent development of automated vulnerability hunting tools. However, fixing vulnerabilities still mainly depends on programmers' manual efforts. Developers need to deeply understand the vulnerability and try to affect the system's functions as little as possible. In this paper, with the advancement of Neural Machine Translation (NMT) techniques, we provide a novel approach called SeqTrans to exploit historical vulnerability fixes t…

Citations: cited by 2 publications (7 citation statements)
References: 37 publications
“…The state-of-the-art vulnerability fixing models are usually trained on a relatively small vulnerability fixing dataset [6], or generated from synthesized code examples [5]. Based on prior studies showing the effectiveness of large datasets for machine learning [8], we hypothesize that it is hard for a deep learning model to generalize well on such a small dataset.…”
Section: Methodology For RQ2 | mentioning
confidence: 99%
“…Manually fixing all these vulnerabilities is a time-consuming task; the GitHub 2020 security report finds that it takes 4.4 weeks to release a fix after a vulnerability is identified [4]. Therefore, researchers have proposed approaches to automatically fix these vulnerabilities [5], [6].…”
Section: Introduction | mentioning
confidence: 99%
“…The state-of-the-art vulnerability fixing models are usually trained on a relatively small vulnerability fixing dataset [6], or generated from synthesized code examples [5]. We hypothesize that it is hard for a deep learning model to generalize well on such a small or artificial dataset.…”
Section: Methodology For RQ3 | mentioning
confidence: 99%
“…Ponta et al. created a manually curated dataset of Java vulnerability fixes [46] which has been used to train SeqTrans, a vulnerability fixing system [6] presented above. The dataset has been collected through a vulnerability assessment tool called "project KB", which is open sourced.…”
Section: Vulnerability Datasets | mentioning
confidence: 99%