VulDetector: Detecting Vulnerabilities Using Weighted Feature Graph Comparison

Cui, Lei; Hao, Zhiyu; Jiao, Yang; Fei, Haiqiang; Yun, Xiaochun

doi:10.1109/tifs.2020.3047756

Cited by 35 publications

(11 citation statements)

References 29 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…e proposed model achieves an AUC value of 97.17 on OpenSSL and Linux on a data set of 876 samples. To address the problems of high false positives and poor performance when analyzing large programs, Cui et al propose to use the weighted feature graph (WFG), a small but semantically rich graph to characterize functions and build a static VulDetector [19]. VulDetector firstly seeks vulnerability-sensitive keywords to reduce the size of the graph without compromising securityrelated semantics.…”

Section: Rule-basedmentioning

confidence: 99%

SFN: A Novel Scalable Feature Network for Vulnerability Representation of Open-Source Codes

Guo

Wang

Zhang

et al. 2022

Computational Intelligence and Neuroscience

View full text Add to dashboard Cite

Vulnerability detection technology has become a hotspot in the field of software security, and most of the current methods do not have a complete consideration during code characterizing, which leads to problems such as information loss. Therefore, this paper proposes one class of Scalable Feature Network (SFN), a composite feature extraction method based on Continuous Bag of Words and Convolutional Neural Network. In addition, to characterize the source code more comprehensively, we construct multiscale code metrics in terms of semantic-, line-, and function granularity. In order to verify the effectiveness of the SFN, this paper builds a Scalable Vulnerability Detection Model (SVDM) by combining SFN with Bi-LSTM. The experimental results show that the proposed SVDM can obtain precision over 84.3% and recall at 83.4%, respectively, while both FNR and FPR are less than 17%.

show abstract

Section: Rule-basedmentioning

confidence: 99%

SFN: A Novel Scalable Feature Network for Vulnerability Representation of Open-Source Codes

Guo

Wang

Zhang

et al. 2022

Computational Intelligence and Neuroscience

View full text Add to dashboard Cite

show abstract

“…The introduction of GNNs for modelling vulnerabilities was originally inspired by the vulnerability discovery approach proposed by Yamaguchi et al [60] using Code Property Graphs, a type of program graph incorporating program dependency edges [26,40], control flow edges, and the abstract syntax tree of the program, which provide an additional source of information to learn from [14]. Hence, the performance improvements using GNNs can primarily be attributed to leveraging the domain knowledge that lines of source code within a program have specific relationships to other lines; i.e., training using both semantic and syntactical information, rather than only syntactical information.…”

Section: Software Vulnerability Detection With Gnnmentioning

confidence: 99%

LineVD: Statement-level Vulnerability Detection using Graph Neural Networks

Hin¹,

Kan²,

Chen³

et al. 2022

Preprint

View full text Add to dashboard Cite

Current machine-learning based software vulnerability detection methods are primarily conducted at the function-level. However, a key limitation of these methods is that they do not indicate the specific lines of code contributing to vulnerabilities. This limits the ability of developers to efficiently inspect and interpret the predictions from a learnt model, which is crucial for integrating machine-learning based tools into the software development workflow. Graph-based models have shown promising performance in function-level vulnerability detection, but their capability for statement-level vulnerability detection has not been extensively explored. While interpreting function-level predictions through explainable AI is one promising direction, we herein consider the statement-level software vulnerability detection task from a fully supervised learning perspective. We propose a novel deep learning framework, LineVD, which formulates statement-level vulnerability detection as a node classification task. LineVD leverages control and data dependencies between statements using graph neural networks, and a transformer-based model to encode the raw source code tokens. In particular, by addressing the conflicting outputs between function-level and statement-level information, LineVD significantly improve the prediction performance without vulnerability status for function code. We have conducted extensive experiments against a large-scale collection of real-world C/C++ vulnerabilities obtained from multiple real-world projects, and demonstrate an increase of 105% in F1-score over the current state-of-the-art.

show abstract

“…[45], [49], [50], [73], by matching vulnerability signatures [42], [47] and by matching both vulnerability and patch signatures [35], [66], [67]. Similar to those patch analysis works, the mappings between CVEs and their patches in these works are mostly identified by manual efforts [58], [59], [60], [66] and heuristics rules [45], [49], [50], [65], [70], or directly taken from security advisories that establish the mapping between CVEs and patches for specific projects [42], [47], [67].…”

Section: Related Workmentioning

confidence: 99%

“…To this end, tremendous efforts have been made to mitigate security risks in OSS vulnerabilities, ranging from detecting vulnerabilities in open source software via learning vulnerability features [45], [49], [50], [73], or matching vulnerability and/or patch signatures [35], [42], [47], [66], [67], to patching vulnerabilities in open source software [39], [52], [54], [69], or analyzing software composition for determining whether open source vulnerabilities are reachable through call paths in applications [58], [59], [60], [65]. In particular, vulnerability databases play a significant role in these efforts by providing valuable data (e.g., description, affected software and versions, and patches) for various vulnerability analysis tasks.…”

Section: Introductionmentioning

confidence: 99%

“…Patches, as a valuable piece of information to capture a vulnerability, can be leveraged to enable a variety of security applications, e.g., hot patch generation and deployment [39], [54], [69], patch presence testing [36], [43], [72], software composition analysis [59], [60], [65], and vulner-ability detection [35], [42], [47], [49], [50], [66]. The accuracy of these security applications will be heavily affected if the patches of a vulnerability are missing or inaccurate.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

TRACER: Finding Patches for Open Source Software Vulnerabilities

Xu¹,

Chen²,

Lu³

et al. 2021

Preprint

View full text Add to dashboard Cite

Open source software (OSS) vulnerability management has become an open problem. Vulnerability databases provide valuable data that is needed to address OSS vulnerabilities. However, there arises a growing concern about the information quality of vulnerability databases. In particular, it is unclear how the quality of patches in existing vulnerability databases is. Further, existing manual or heuristic-based approaches for patch identification are either too expensive or too specific to be applied to all OSS vulnerabilities. To address these problems, we first conduct an empirical study to understand the quality and characteristics of patches for OSS vulnerabilities in two state-of-the-art vulnerability databases. Our study is designed to cover five dimensions, i.e., the coverage, consistency, type, cardinality and accuracy of patches. Then, inspired by our study, we propose the first automated approach, named TRACER, to find patches for an OSS vulnerability from multiple sources. Our key idea is that patch commits will be frequently referenced during the reporting, discussion and resolution of an OSS vulnerability. Our extensive evaluation has indicated that i) TRACER finds patches for up to 273.8% more CVEs than existing heuristic-based approaches while achieving a significantly higher F1-score by up to 116.8%; and ii) TRACER achieves a higher recall by up to 18.4% than state-of-the-art vulnerability databases, but sacrifices up to 12.0% fewer CVEs (whose patches are not found) and 6.4% lower precision. Our evaluation has also demonstrated the generality and usefulness of TRACER.

show abstract

VulDetector: Detecting Vulnerabilities Using Weighted Feature Graph Comparison

Cited by 35 publications

References 29 publications

SFN: A Novel Scalable Feature Network for Vulnerability Representation of Open-Source Codes

SFN: A Novel Scalable Feature Network for Vulnerability Representation of Open-Source Codes

LineVD: Statement-level Vulnerability Detection using Graph Neural Networks

TRACER: Finding Patches for Open Source Software Vulnerabilities

Contact Info

Product

Resources

About