VulSniper: Focus Your Attention to Shoot Fine-Grained Vulnerabilities

Xu, Donghao; Wu, Jiamin; Ji, Shouling; Rui, Zhiqing; Luo, Tianyue; Yang, Mutian; Wu, Yicheng

doi:10.24963/ijcai.2019/648

Cited by 78 publications

(47 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The main idea behind the use of CPGs as a portable output feature is capturing the characteristics brought about by the representations mentioned above and offering the advantages as a single representation. To enhance the semantic information that can be gathered by code representations as features, a few of the surveyed works utilise CPGs [71, 80 ]. In order to generate CPGs, tools such a Joern [71, 80, 87 ] are utilised for C/C++ code. (d) Lexed representation of source code: Lexing is a process which involves the use of a lexer in order to generate useful features from raw source code.…”

Section: Taxonomy Of Deep Learning Techniques For Source Code Vulnementioning

confidence: 99%

“…To enhance the semantic information that can be gathered by code representations as features, a few of the surveyed works utilise CPGs [71, 80 ]. In order to generate CPGs, tools such a Joern [71, 80, 87 ] are utilised for C/C++ code. (d) Lexed representation of source code: Lexing is a process which involves the use of a lexer in order to generate useful features from raw source code. In lexing, critical tokens are captured from source code functions while the representation is kept generic and the total vocabulary size is minimised.…”

Section: Taxonomy Of Deep Learning Techniques For Source Code Vulnementioning

confidence: 99%

“…This issue has been highlighted by several reviewed papers as a limitation that can be explored in the future. On several of the surveyed works the programming language of the data set focus ranges from C/C++ [14, 15, 17, 19, 69–72, 77–87 ] and JavaScript [18, 60, 79 ]. Having a data set that consists of multiple programming languages would require further exploration.…”

Section: Issues and Challengesmentioning

confidence: 99%

“…These data sets which are collected each have a programming language of focus. The works of [15, 17, 19, 73, 75–78, 80, 82–85, 87 ] made their data sets publicly available for further research. For a large majority of reviewed the papers, the data set's size did not present an issue.…”

Section: Issues and Challengesmentioning

confidence: 99%

“…The discovery of these lines of code with a higher accuracy allows for the focus on those specific code lines since the probability of its vulnerability is higher. This vulnerability aspect is focused on by several of the surveyed papers [15, 17, 78–87 ] Table 7.…”

Section: Taxonomy Of Deep Learning Techniques For Source Code Vulnementioning

confidence: 99%

See 4 more Smart Citations

Literature survey of deep learning-based vulnerability analysis on source code

Semasaba

Zheng

et al. 2020

IET Software

View full text Add to dashboard Cite

Vulnerabilities in software source code are one of the critical issues in the realm of software code auditing. Due to their high impact, several approaches have been studied in the past few years to mitigate the damages from such vulnerabilities. Among the approaches, deep learning has gained popularity throughout the years to address such issues. In this literature survey, the authors provide an extensive review of the many works in the field software vulnerability analysis that utilise deep learning‐based techniques. The reviewed works are systemised according to their objectives (i.e. the type of vulnerability analysis aspect), the area of focus (i.e. the focus area of the analysis), what information about source code is used (i.e. the features), and what deep learning techniques they employ (i.e. what algorithm is used to process the input and produce the output). They also study the limitations of the papers and topical trends concerning vulnerability analysis.

show abstract

Section: Taxonomy Of Deep Learning Techniques For Source Code Vulnementioning

confidence: 99%

Section: Taxonomy Of Deep Learning Techniques For Source Code Vulnementioning

confidence: 99%

Section: Issues and Challengesmentioning

confidence: 99%

Section: Issues and Challengesmentioning

confidence: 99%

Section: Taxonomy Of Deep Learning Techniques For Source Code Vulnementioning

confidence: 99%

See 3 more Smart Citations

Literature survey of deep learning-based vulnerability analysis on source code

Semasaba

Zheng

et al. 2020

IET Software

View full text Add to dashboard Cite

show abstract

VulGraB: Graph‐embedding‐based code vulnerability detection with bi‐directional gated graph neural network

Wang

Chen

2023

Softw Pract Exp

View full text Add to dashboard Cite

Code vulnerabilities can have serious consequences such as system attacks and data leakage, making it crucial to perform code vulnerability detection during the software development phase. Deep learning is an emerging approach for vulnerability detection tasks. Existing deep learning‐based code vulnerability detection methods are usually based on word2vec embedding of linear sequences of source code, followed by code vulnerability detection through RNNs network. However, such methods can only capture the superficial structural or syntactic information of the source code text, which is not suitable for modeling the complex control flow and data flow and miss edge information in the graph structure constructed by the source code, with limited effect of neural network model. To solve the above problems, this article proposes a code vulnerability detection method, named VulGraB, which is based on graph embedding and bidirectional gated graph neural networks. VulGraB uses node2vec to convert the program‐dependent graphs into graph embeddings of the code, which contain rich structure information of the source code, improving the ability of features to express nonlinear information to a certain extent. Then the BiGGNN is used for training, and finally the accuracy of the detection results is evaluated using target program. The bi‐directional gated neural network utilizes a bi‐directional recurrent structure, which is beneficial to global information aggregation. The experimental results show that the accuracy of VulGraB is significantly improved over the baseline models on two datasets, with F1 scores of 85.89% and 97.24% being the highest, demonstrating that VulGraB consistently outperforms other effective vulnerability detection models.

show abstract

Tensor‐based gated graph neural network for automatic vulnerability detection in source code

Yang,

Ruan,

Zhang

2023

Software Testing Verif & Rel

View full text Add to dashboard Cite

The rapid expansion of smart devices leads to the increasing demand for vulnerability detection in the cyber security field. Writing secure source codes is crucial to protect applications and software. Recent vulnerability detection methods are mainly using machine learning and deep learning. However, there are still some challenges, how to learn accurate source code semantic embedding at the function level, how to effectively perform vulnerability detection using the learned semantic embedding of source code and how to solve the overfitting problem of learning‐based models. In this paper, we consider codes as various graphs with node features and propose a tensor‐based gated graph neural network called TensorGNN to produce code embedding for function‐level vulnerability detection. First, we propose a high‐dimensional tensor for combining different code graph representations. Second, inspired by the work of tensor technology, we propose the TensorGNN model to produce accurate code representations using the graph tensor. We evaluate our model on 7 C and C++ large open‐source code corpus (e.g. SARD&NVD, Debian, SATE IV, FFmpeg, libpng&LibTiff, Wireshark and Github datasets), which contains 13 types of vulnerabilities. Our TensorGNN model improves on existing state‐of‐the‐art works by 10%–30% on average in terms of vulnerability detection accuracy and F1, while our TensorGNN model needs less training time and model parameters. Specifically, compared with other existing works, our model reduces 25–47 times of the number of parameters and decreases 3–10 times of training time. Results of evaluations show that TensorGNN has better performance while using fewer training parameters and less training time.

show abstract

VulSniper: Focus Your Attention to Shoot Fine-Grained Vulnerabilities

Cited by 78 publications

References 9 publications

Literature survey of deep learning-based vulnerability analysis on source code

Literature survey of deep learning-based vulnerability analysis on source code

VulGraB: Graph‐embedding‐based code vulnerability detection with bi‐directional gated graph neural network

Tensor‐based gated graph neural network for automatic vulnerability detection in source code

Contact Info

Product

Resources

About