VDSimilar: Vulnerability detection based on code similarity of vulnerabilities and patches

Sun, Hao; Cui, Lei; Li, Lun; Ding, Zhenquan; Hao, Zhiyu; Cui, Jiancong; Liu, Peng

doi:10.1016/j.cose.2021.102417

Cited by 39 publications

(9 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…To address the current situation where existing work requires a large amount of labeled data, Sun et al prepared a smaller data set consisting of vulnerabilities and associated patches and attempted to detect similarity in terms of similarity between vulnerabilities and differences between a pair of vulnerabilities and patches. To this end, they constructed VDSimilar [18], a joint detection model using Siamese networks, Bi-LSTM, and Attention to process source code. e proposed model achieves an AUC value of 97.17 on OpenSSL and Linux on a data set of 876 samples.…”

Section: Rule-basedmentioning

confidence: 99%

SFN: A Novel Scalable Feature Network for Vulnerability Representation of Open-Source Codes

Guo

Wang

Zhang

et al. 2022

Computational Intelligence and Neuroscience

View full text Add to dashboard Cite

Vulnerability detection technology has become a hotspot in the field of software security, and most of the current methods do not have a complete consideration during code characterizing, which leads to problems such as information loss. Therefore, this paper proposes one class of Scalable Feature Network (SFN), a composite feature extraction method based on Continuous Bag of Words and Convolutional Neural Network. In addition, to characterize the source code more comprehensively, we construct multiscale code metrics in terms of semantic-, line-, and function granularity. In order to verify the effectiveness of the SFN, this paper builds a Scalable Vulnerability Detection Model (SVDM) by combining SFN with Bi-LSTM. The experimental results show that the proposed SVDM can obtain precision over 84.3% and recall at 83.4%, respectively, while both FNR and FPR are less than 17%.

show abstract

Section: Rule-basedmentioning

confidence: 99%

SFN: A Novel Scalable Feature Network for Vulnerability Representation of Open-Source Codes

Guo

Wang

Zhang

et al. 2022

Computational Intelligence and Neuroscience

View full text Add to dashboard Cite

show abstract

“…Specifically, we use the method of multi-step decay to adjust the learning rate. For hyperparameter settings, the milestones are set to 5 , 13 , 15 , gamma is set to 0.1 and initial learning rate is set to 0.01. In order to ensure the comparability of experiments, we also use SGD optimizer and a cross-entropy loss function to train 10 epochs.…”

Section: Resultsmentioning

confidence: 99%

“…It is worth noting that with the rise of machine learning technology, vulnerability detection based on machine learning has become a hot issue. At present, this field includes attribute-based software code measurement 12 , code similarity detection 13 – 15 , etc. To detect the unknown vulnerability in an actual application environment, the combination of word embedding and vulnerability detection came into being.…”

Section: Introductionmentioning

confidence: 99%

A new method of software vulnerability detection based on a quantum neural network

Zhou¹,

Pang²,

Feng³

et al. 2022

Sci Rep

View full text Add to dashboard Cite

In the field of network security, although there has been related work on software vulnerability detection based on classic machine learning, detection ability is directly proportional to the scale of training data. A quantum neural network has been proven to solve the memory bottleneck problem of classical machine learning, so it has far-reaching prospects in the field of vulnerability detection. To fill the gap in this field, we propose a quantum neural network structure named QDENN for software vulnerability detection. This work is the first attempt to implement word embedding of vulnerability codes based on a quantum neural network, which proves the feasibility of a quantum neural network in the field of vulnerability detection. Experiments demonstrate that our proposed QDENN can effectively solve the inconsistent input length problem of quantum neural networks and the problem of batch processing with long sentences. Furthermore, it can give full play to the advantages of quantum computing and realize a vulnerability detection model at the cost of a small amount of measurement. Compared to other quantum neural networks, our proposed QDENN can achieve higher vulnerability detection accuracy. On the sub dataset with a small-scale interval, the model accuracy rate reaches 99%. On each subinterval data, the best average vulnerability detection accuracy of the model reaches 86.3%.

show abstract

“…Code similarity approaches find matches between target codes with known vulnerabilities for classification. VD-Similar [12] and VUDDY [13] are two examples. Although VDSimilar uses a Siamese network [14] along with BiLSTM to improve the detection accuracy, VUDDY improves the scalability of vulnerable code clone detection using functionlevel granularity and a length-filtering technique.…”

Section: Related Workmentioning

confidence: 99%

Code Aggregate Graph: Effective Representation for Graph Neural Networks to Detect Vulnerable Code

et al. 2022

View full text Add to dashboard Cite

Deep learning, especially graph neural networks (GNNs), provides efficient, fast, and automated methods to detect vulnerable code. However, the accuracy could be improved as previous studies were limited by existing code representations. Additionally, the diversity of embedding techniques and GNN models can make selecting the appropriate method challenging. Herein we propose Code Aggregate Graph (CAG) to improve vulnerability detection efficiency. CAG combines the principles of different code analyses such as abstract syntax tree, control flow graph, and program dependence graph with dominator and postdominator trees. This extensive representation empowers deep graph networks for enhanced classification. We also implement different data encoding methods and neural networks to provide a multidimensional view of the system performance. Specifically, three word embedding approaches and three deep GNNs are utilized to build classifiers. Then CAG is evaluated using two datasets: a real-world open-source dataset and the software assurance reference dataset. CAG is also compared with seven state-of-the-art methods and six classic representations. CAG shows the best performance. Compared to previous studies, CAG has an increased accuracy (5.4%) and F1-score (5.1%). Additionally, experiments confirm that encoding has a positive impact on accuracy (4-6%) but the network type does not. The study should contribute to a meaningful benchmark for future research on code representations, data encoding, and GNNs.

show abstract

VDSimilar: Vulnerability detection based on code similarity of vulnerabilities and patches

Cited by 39 publications

References 9 publications

SFN: A Novel Scalable Feature Network for Vulnerability Representation of Open-Source Codes

SFN: A Novel Scalable Feature Network for Vulnerability Representation of Open-Source Codes

A new method of software vulnerability detection based on a quantum neural network

Code Aggregate Graph: Effective Representation for Graph Neural Networks to Detect Vulnerable Code

Contact Info

Product

Resources

About