VulSniper: Focus Your Attention to Shoot Fine-Grained Vulnerabilities-Reference-Cited by-同舟云学术

VulSniper: Focus Your Attention to Shoot Fine-Grained Vulnerabilities

Published:2019-08 Issue: Volume: Page:
ISSN:
Container-title:Proceedings of the Twenty-Eighth International Joint Conference on Artificial Intelligence
language:
Short-container-title:

Author:

Duan Xu¹²,Wu Jingzheng¹³,Ji Shouling⁴,Rui Zhiqing¹⁵,Luo Tianyue¹⁶,Yang Mutian¹⁶,Wu Yanjun¹³

Affiliation:

1. Intelligent Software Research Center, Institute of Software, Chinese Academy of Sciences

2. School of Computer & Communication Engineering, University of Science and Technology Beijing

3. State Key Laboratory of Computer Science, Institute of Software, Chinese Academy of Sciences

4. College of Computer Science and Technology, Zhejiang University

5. Artificial Intelligence Academy, University of Chinese Academy of Sciences

6. Beijing VuLab Technology Co.Ltd

Abstract

With the explosive development of information technology, vulnerabilities have become one of the major threats to computer security. Most vulnerabilities with similar patterns can be detected effectively by static analysis methods. However, some vulnerable and non-vulnerable code is hardly distinguishable, resulting in low detection accuracy. In this paper, we define the accurate identification of vulnerabilities in similar code as a fine-grained vulnerability detection problem. We propose VulSniper which is designed to detect fine-grained vulnerabilities more effectively. In VulSniper, attention mechanism is used to capture the critical features of the vulnerabilities. Especially, we use bottom-up and top-down structures to learn the attention weights of different areas of the program. Moreover, in order to fully extract the semantic features of the program, we generate the code property graph, design a 144-dimensional vector to describe the relation between the nodes, and finally encode the program as a feature tensor. VulSniper achieves F1-scores of 80.6% and 73.3% on the two benchmark datasets, the SARD Buffer Error dataset and the SARD Resource Management Error dataset respectively, which are significantly higher than those of the state-of-the-art methods.

Publisher

International Joint Conferences on Artificial Intelligence Organization

Cited by 61 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. A dual graph neural networks model using sequence embedding as graph nodes for vulnerability detection;Information and Software Technology;2025-01

2. Collaboration to Repository-Level Vulnerability Detection;Proceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis;2024-09-11

3. Exploring Datasets In Software Vulnerability Analysis: A Review;2024 4th International Conference on Emerging Smart Technologies and Applications (eSmarTA);2024-08-06

4. Code-centric learning-based just-in-time vulnerability detection;Journal of Systems and Software;2024-08

5. Vulnerability Detection via Multiple-Graph-Based Code Representation;IEEE Transactions on Software Engineering;2024-08