Vulnerability Localization Based On Intermediate Code Representation and Feature Fusion

Abstract

Abstract Vulnerability localization can assist security professionals in vulnerability validation and analysis. This study proposes an intelligent vulnerability localization method based on fine-grained program representation and feature fusion. Firstly, we generate efficient fine-grained program representations of the program. This involves transforming the source code into intermediate code. We use abstract syntax tree characteristics to correspond to the points of interest of the intermediate code. We slice the intermediate code file based on the point of interest and program dependency relationships. Subsequently, we use the word2vec model to the vectorization of the intermediate code slices. Then, we propose a vulnerability localization framework based on a feature fusion method, which can better combine the advantages of bidirectional gate recurrent unit and convolutional neural network to capture the syntax and semantics of program representation. Through comparing different program representations, we have discovered that the fine-grained representation based on intermediate code in this study provides a more accurate portrayal of program semantics. By comparing various methods, the proposed feature fusion approach in this paper improves vulnerability localization. We also conducted a visualization display of vulnerability localization. Furthermore, we have validated the effectiveness of this method in localizing vulnerabilities across five common vulnerability types.