Fangcheng Qiu,Zhongxin Liu,Xing Hu,Xin Xia,Gang Chen,Xinyu Wang

DOI: https://doi.org/10.1109/tse.2024.3427815

IF: 7.4

2024-08-18

IEEE Transactions on Software Engineering

Abstract:During software development and maintenance, vulnerability detection is an essential part of software quality assurance. Even though many program-analysis-based and machine-learning-based approaches have been proposed to automatically detect vulnerabilities, they rely on explicit rules or patterns defined by security experts and suffer from either high false positives or high false negatives. Recently, an increasing number of studies leverage deep learning techniques, especially Graph Neural Network (GNN), to detect vulnerabilities. These approaches leverage program analysis to represent the program semantics as graphs and perform graph analysis to detect vulnerabilities. However, they suffer from two main problems: (i) Existing GNN-based techniques do not effectively learn the structural and semantic features from source code for vulnerability detection. (ii) These approaches tend to ignore fine-grained information in source code. To tackle these problems, in this paper, we propose a novel vulnerability detection approach, named MGVD (M ultiple-G raph-Based V ulnerability D etection), to detect vulnerable functions. To effectively learn the structural and semantic features from source code, MGVD uses three different ways to represent each function into multiple forms, i.e., two statement graphs and a sequence of tokens. Then we encode such representations to a three-channel feature matrix. The feature matrix contains the structural feature and the semantic feature of the function. And we add a weight allocation layer to distribute the weights between structural and semantic features. To overcome the second problem, MGVD constructs each graph representation of the input function using multiple different graphs instead of a single graph. Each graph focuses on one statement in the function and its nodes denote the related statements and their fine-grained code elements. Finally, MGVD leverages CNN to identify whether this function is vulnerable based on such feature matrix. We conduct experiments on 3 vulnerability datasets with a total of 30,341 vulnerable functions and 127,931 non-vulnerable functions. The experimental results show that our method outperforms the state-of-the-art by 9.68% – 10.28% in terms of F1-score.

engineering, electrical & electronic,computer science, software engineering

Wenxin Tao,Xiaohong Su,Jiayuan Wan,Hongwei Wei,Weining Zheng

DOI: https://doi.org/10.1016/j.cose.2023.103341

IF: 5.105

2023-01-01

Computers & Security

Abstract:Software vulnerability detection is critical to computer security. Most existing vulnerability detection methods use single modal-based vulnerability detection models, which cannot effectively extract cross-modal features. To solve this problem, we propose a new multimodal deep learning based vulnerability detection method through a cross-modal feature enhancement and fusion. Firstly, we utilize a special compilation and debugging method to obtain the alignment relationship between source code statements and assembly instructions, as well as between source code variables and assembly code registers. Based on this alignment relationship and program slicing technology, we propose a cross-slicing method to generate bimodal program slices. Then, we propose a cross-modal feature enhanced code representation learning model to capture the fine-grained semantic correlation between source code and assembly code by using the co-attention mechanisms. Finally, vulnerability detection is achieved by feature level fusion of semantic features captured in fine-grained aligned source code and assembly code. Extensive experiments show that our method improves the performance of vulnerability detection compared with state-of-the-art methods. Specifically, our method achieves an accuracy of 97.4% and an F1-measure of 93.4% on the SARD dataset. An average accuracy of 95.4% and an F1-measure of 89.1% on two real-world software projects (i.e., FFmpeg and OpenSSL) is also achieved by our method, improving over SOTA method 4.5% and 2.9%. (c) 2023 Elsevier Ltd. All rights reserved.

Deqing Zou,Yutao Hu,Wenke Li,Yueming Wu,Haojun Zhao,Hai Jin

DOI: https://doi.org/10.1109/tdsc.2022.3199769

2022-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Due to the powerful automatic feature extraction, deep learning-based vulnerability detection methods have evolved significantly in recent years. However, almost all current work focuses on detecting vulnerabilities at a single granularity (i.e., slice-level or function-level). In practice, slice-level vulnerability detection is fine-grained but may contain incomplete vulnerability details. Function-level vulnerability detection includes full vulnerability semantics but may contain vulnerability-unrelated statements. Meanwhile, they pay more attention to predicting whether the source code is vulnerable and cannot pinpoint which statements are more likely to be vulnerable. In this paper, we design mVulPreter, a multi-granularity vulnerability detector that can provide interpretations of detection results. Specifically, we propose a novel technique to effectively blend the advantages of function-level and slice-level vulnerability detection models and output the detection results' interpretation only by the model itself. We evaluate mVulPreter on a dataset containing 5,310 vulnerable functions and 7,601 non-vulnerable functions. The experimental results indicate that mVulPreter outperforms existing state-of-the-art vulnerability detection approaches (i.e., Checkmarx, FlawFinder, RATS, TokenCNN, StatementLSTM, SySeVR, and Devign).

computer science, information systems, software engineering, hardware & architecture

Ruitong Liu,Yanbin Wang,Haitao Xu,Jianguo Sun,Fan Zhang,Peiyue Li,Zhenhao Guo

DOI: https://doi.org/10.1016/j.inffus.2024.102748

IF: 18.6

2025-01-01

Information Fusion

Abstract:Code Language Models (codeLMs) and Graph Neural Networks (GNNs) are widely used in code vulnerability detection. However, a critical yet often overlooked issue is that GNNs primarily rely on aggregating information from adjacent nodes, limiting structural information transfer to single-layer updates. In code graphs, nodes and relationships typically require cross-layer information propagation to fully capture complex program logic and potential vulnerability patterns. Furthermore, while some studies utilize codeLMs to supplement GNNs with code semantic information, existing integration methods have not fully explored the potential of their collaborative effects. To address these challenges, we introduce Vul-LMGNNs that integrates pre-trained CodeLMs with GNNs, leveraging knowledge distillation to facilitate cross-layer propagation of both code semantic knowledge and structural information. Specifically, Vul-LMGNNs utilizes Code Property Graphs (CPGs) to incorporate code syntax, control flow, and data dependencies, while employing gated GNNs to extract structural information in the CPG. To achieve cross-layer information transmission, we implement an online knowledge distillation (KD) program that enables a single student GNN to acquire structural information extracted from a simultaneously trained counterpart through an alternating training procedure. Additionally, we leverage pre-trained CodeLMs to extract semantic features from code sequences. Finally, we propose an "implicit-explicit" joint training framework to better leverage the strengths of both CodeLMs and GNNs. In the implicit phase, we utilize CodeLMs to initialize the node embeddings of each student GNN. Through online knowledge distillation, we facilitate the propagation of both code semantics and structural information across layers. In the explicit phase, we perform linear interpolation between the CodeLM and the distilled GNN to learn a late fusion model. The proposed method, evaluated across four real-world vulnerability datasets, demonstrated superior performance compared to 17 state-of-the-art approaches. Our source code can be accessed via GitHub: https: //github.com/Vul-LMGNN/vul-LMGGNN.

Xuejun Zhang,Bo Zhou,Zhuo Chen,Meifeng Guo,Xiaogang Du,Xiaohong Jia,Wanrong Bai

DOI: https://doi.org/10.21203/rs.3.rs-4893837/v1

2024-01-01

Abstract:Thriving and widespread use of the open-source software community makes software vulnerabilities spread a lot, which brings serious challenges to the system security. Recently, a number of vulnerability detection methods based on deep learning have been proposed to help engineers analyze and patch vulnerabilities efficiently. However, these existing approaches still suffer from limitations in extracting rich features from vulnerability code. Aiming at the above problems, we propose VulD-SG, a dual-channel software code vulnerability detection method based on deep sequence and graph model. VulD-SG enhances the semantic, syntactic and structural features extraction ability of the source code by introducing the deep sequence-based and graph-based vulnerability feature extraction module. To address the problem of the coarse detection granularity in the traditional methods, VulD-SG slices code statements into subtokens with a new decomposition algorithm to capture the detailed vulnerability information. Meanwhile, Transformer-style encoder is utilized in graph-based vulnerability feature extraction module to aggregate program dependency graph (PDG) nodes to learn the long-range dependence of cross-function code effectively. Finally, we build a fusion model to merge the training parameters and achieve fine-grained prediction results. The experiments result show that Acc, F1, and Recall metrics were improved by 2.6\%~27\%, 2\%~29.2\%, and 1\%~30.25\% respectively on five different vulnerability datasets compared with seven vulnerability detection models based on deep learning.

Xiansheng Cao,Junfeng Wang,Peng Wu,Zhiyang Fang

DOI: https://doi.org/10.1049/2024/4313185

2024-03-22

IET Information Security

Abstract:Source code vulnerabilities are one of the significant threats to software security. Existing deep learning-based detection methods have proven their effectiveness. However, most of them extract code information on a single intermediate representation of code (IRC), which often fails to extract multiple information hidden in the code fully, significantly limiting their performance. To address this problem, we propose VulMPFF, a vulnerability detection method that fuses code features under multiple perspectives. It extracts IRC from three perspectives: code sequence, lexical and syntactic relations, and graph structure to capture the vulnerability information in the code, which effectively realizes the complementary information of multiple IRCs and improves vulnerability detection performance. Specifically, VulMPFF extracts serialized abstract syntax tree as IRC from code sequence, lexical and syntactic relation perspective, and code property graph as IRC from graph structure perspective, and uses Bi-LSTM model with attention mechanism and graph neural network with attention mechanism to learn the code features from multiple perspectives and fuse them to detect the vulnerabilities in the code, respectively. We design a dual-attention mechanism to highlight critical code information for vulnerability triggering and better accomplish the vulnerability detection task. We evaluate our approach on three datasets. Experiments show that VulMPFF outperforms existing state-of-the-art vulnerability detection methods (i.e., Rats, FlawFinder, VulDeePecker, SySeVR, Devign, and Reveal) in Acc and F1 score, with improvements ranging from 14.71% to 145.78% and 152.08% to 344.77%, respectively. Meanwhile, experiments in the open-source project demonstrate that VulMPFF has the potential to detect vulnerabilities in real-world environments.

computer science, information systems, theory & methods

Yueming Wu,Deqing Zou,Shihan Dou,Wei Yang,Duo Xu,Hai Jin

DOI: https://doi.org/10.1145/3510003.3510229

2022-01-01

Abstract:Since deep learning (DL) can automatically learn features from source code, it has been widely used to detect source code vulnerability. To achieve scalable vulnerability scanning, some prior studies intend to process the source code directly by treating them as text. To achieve accurate vulnerability detection, other approaches consider distilling the program semantics into graph representations and using them to detect vulnerability. In practice, text-based techniques are scalable but not accurate due to the lack of program semantics. Graph-based methods are accurate but not scalable since graph analysis is typically time-consuming. In this paper, we aim to achieve both scalability and accuracy on scanning large-scale source code vulnerabilities. Inspired by existing DL-based image classification which has the ability to analyze millions of images accurately, we prefer to use these techniques to accomplish our purpose. Specifically, we propose a novel idea that can efficiently convert the source code of a function into an image while preserving the program details. We implement VulCNN and evaluate it on a dataset of 13,687 vulnerable functions and 26,970 non-vulnerable functions. Experimental results report that VulCNN can achieve better accuracy than eight state-of-the-art vulnerability detectors (i.e., Checkmarx, FlawFinder, RATS, TokenCNN, VulDeePecker, SySeVR, VulDeeLocator, and Devign). As for scalability, VulCNN is about four times faster than VulDeePecker and SySeVR, about 15 times faster than VulDeeLocator, and about six times faster than Devign. Furthermore, we conduct a case study on more than 25 million lines of code and the result indicates that VulCNN can detect large-scale vulnerability. Through the scanning reports, we finally discover 73 vulnerabilities that are not reported in NVD.

Mengliang Li,Xiaoxue Ren,Han Fu,Zhuo Li,Jianling Sun

DOI: https://doi.org/10.1109/issre59848.2023.00025

2023-01-01

Abstract:Smart contracts are essential for executing computing logic on blockchain networks. However, they are also susceptible to various vulnerabilities. In recent years, the detection of smart contract vulnerabilities has become a significant concern due to the substantial losses caused by hacker attacks. Traditional vulnerability detection approaches rely on expert rules, which often suffer from limitations in accuracy and completeness. Deep learning-based methods offer better coverage of vulnerabilities but may overlook certain vulnerability characteristics and suffer from overfitting during training. In this paper, we propose a novel approach called ConvMHSA-SCVD, which combines knowledge-driven and data-driven algorithms together to detect smart contract vulnerabilities. By incorporating feature selection, data balancing, and a combination of multi-channel convolution and multi-head self-attention neural networks, our ConvMHSA-SCVD achieves effective vulnerability detection in smart contracts. Extensive experiments demonstrate that our approach outperforms the state-of-the-art method in accuracy and F1 score, with improvements ranging from 0.4% to 3.84% and 1.28% to 1.90%, respectively.

fan jiang,yuanlong cao,jianmao xiao,hui yi,gang lei,min liu,hao wang,shuiguang deng

DOI: https://doi.org/10.1007/978-3-031-20096-0_6

2022-01-01

Abstract:With the widespread use of smart contracts in various fields, the research on smart contract vulnerability detection has increased yearly. Most of the previous research work is based on symbol detection and comparison with expert-defined error patterns to analyze the possible vulnerabilities of smart contracts. The accuracy and performance of such methods are generally low. In response to this problem, this paper proposes an efficient smart contract vulnerability detection model VDDL (Vulnerability Detection Based on Deep Learning). VDDL uses a multi-layer bidirectional Transformer architecture as the model architecture, involving a multi-head attention mechanism and a masking mechanism. A multi-head attention mechanism is applied in the encoder-decoder layer. The masking mechanism randomly masks the input tokens and combined with the context to predict the masked tokens, a deep bidirectional representation for training is realized. Furthermore, VDDL incorporates CodeBERT, a large bimodal pre-trained model for natural and programming languages, to improve training performance. We collected 47,038 smart contracts as datasets for model training and testing. In the end, the accuracy of VDDL reached 92.35%, the recall reached 81.43%, and the F1-score reached 86.38%, which can efficiently detect possible loopholes in smart contracts.

Sicong Cao,Xiaobing Sun,Lili Bo,Rongxin Wu,Bin Li,Xiaoxue Wu,Chuanqi Tao,Tao Zhang,Wei Liu

DOI: https://doi.org/10.1145/3624744

IF: 3.685

2024-01-01

ACM Transactions on Software Engineering and Methodology

Abstract:Memory-related vulnerabilities can result in performance degradation or even program crashes, constituting severe threats to the security of modern software. Despite the promising results of deep learning (DL)-based vulnerability detectors, there exist three main limitations: (1) rich contextual program semantics related to vulnerabilities have not yet been fully modeled; (2) multi-granularity vulnerability features in hierarchical code structure are still hard to be captured; and (3) heterogeneous flow information is not well utilized. To address these limitations, in this article, we propose a novel DL-based approach, called MVD+ , to detect memory-related vulnerabilities at the statement-level. Specifically, it conducts both intraprocedural and interprocedural analysis to model vulnerability features, and adopts a hierarchical representation learning strategy, which performs syntax-aware neural embedding within statements and captures structured context information across statements based on a novel Flow-Sensitive Graph Neural Networks, to learn both syntactic and semantic features of vulnerable code. To demonstrate the performance, we conducted extensive experiments against eight state-of-the-art DL-based approaches as well as five well-known static analyzers on our constructed dataset with 6,879 vulnerabilities in 12 popular C/C++ applications. The experimental results confirmed that MVD+ can significantly outperform current state-of-the-art baselines and make a great trade-off between effectiveness and efficiency.

Yueming Wu,Deqing Zou,Shihan Dou,Wei Yang,Duo Xu,Hai Jin

DOI: https://doi.org/10.1145/3510003.3510229

2022-01-01

Abstract:Since deep learning (DL) can automatically learn features from source code, it has been widely used to detect source code vulnerability. To achieve scalable vulnerability scanning, some prior studies intend to process the source code directly by treating them as text. To achieve accurate vulnerability detection, other approaches consider distilling the program semantics into graph representations and using them to detect vulnerability. In practice, text-based techniques are scalable but not accurate due to the lack of program semantics. Graph-based methods are accurate but not scalable since graph analysis is typically time-consuming. In this paper, we aim to achieve both scalability and accuracy on scanning large-scale source code vulnerabilities. Inspired by existing DL-based image classification which has the ability to analyze millions of images accurately, we prefer to use these techniques to accomplish our purpose. Specifically, we propose a novel idea that can efficiently convert the source code of a function into an image while preserving the program details. We implement Vul-CNN and evaluate it on a dataset of 13,687 vulnerable functions and 26,970 non-vulnerable functions. Experimental results report that VulCNN can achieve better accuracy than eight state-of-the-art vul-nerability detectors (i.e., Checkmarx, FlawFinder, RATS, TokenCNN, VulDeePecker, SySeVR, VulDeeLocator, and Devign). As for scalability, VulCNN is about four times faster than VulDeePecker and SySeVR, about 15 times faster than VulDeeLocator, and about six times faster than Devign. Furthermore, we conduct a case study on more than 25 million lines of code and the result indicates that VulCNN can detect large-scale vulnerability. Through the scanning reports, we finally discover 73 vulnerabilities that are not reported in NVD.

Wei Xiao,Zhengzhang Hou,Tao Wang,Chengxian Zhou,Chao Pan

DOI: https://doi.org/10.1016/j.infsof.2024.107442

IF: 3.9

2024-06-01

Information and Software Technology

Abstract:Software security has drawn extensive attention as software projects have grown increasingly large and complex. Since the traditional manual or equipment vulnerability detection technology cannot meet today's software development needs, there is a recognized need to create more effective techniques to address security issues. Although various vulnerability detection systems have been proposed, most are based only on serialization or graph representation, to inadequate effect. We propose a system, MSGVUL, that provides superior vulnerability detection using a new multi-semantic approach. MSGVUL uses versatile and efficient code slicing employing a search algorithm based on sensitive data and functions and innovatively constructs an SSVEC model to fully integrate the semantic and structural information into the code. We also developed a novel BAG model, made up of BAP and PAG frameworks, that enables the hierarchical extraction of code vulnerability representations from the graph and sequence levels. The MSGVUL model is evaluated on slice-level and function-level vulnerability datasets, and the results demonstrate that the MSGVUL method outperforms other state-of-the-art methods.

computer science, information systems, software engineering

LI Yan,QIANG Weizhong,LI Zhen,ZOU Deqing,JIN Hai

DOI: https://doi.org/10.11959/j.issn.2096-109x.2023085

2023-01-01

Abstract:In recent years,software vulnerabilities have been causing a multitude of security incidents,and the early discovery and patching of vulnerabilities can effectively reduce losses.Traditional rule-based vulnerability detection methods,relying upon rules defined by experts,suffer from a high false negative rate.Deep learning-based methods have the capability to automatically learn potential features of vulnerable programs.However,as software complexity increases,the precision of these methods decreases.On one hand,current methods mostly operate at the function level,thus unable to handle inter-procedural vulnerability samples.On the other hand,models such as BGRU and BLSTM exhibit performance degradation when confronted with long input sequences,and are not adept at capturing long-term dependencies in program statements.To address the aforementioned issues,the existing program slicing method has been optimized,enabling a comprehensive contextual analysis of vulnerabilities triggered across functions through the combination of intra-procedural and inter-procedural slicing.This facilitated the capture of the complete causal relationship of vulnerability triggers.Furthermore,a vulnerability detection task was conducted using a Transformer neural network architecture equipped with a multi-head attention mechanism.This architecture collectively focused on information from different representation subspaces,allowing for the extraction of deep features from nodes.Unlike recurrent neural networks,this approach resolved the issue of information decay and effectively learned the syntax and semantic information of the source program.Experimental results demonstrate that this method achieves an F1 score of 73.4%on a real software dataset.Compared to the comparative methods,it shows an improvement of 13.6%to 40.8%.Furthermore,it successfully detects several vulnerabilities in open-source software,confirming its effectiveness and applicability.

Bin Yuan,Yifan Lu,Yilin Fang,Yueming Wu,Deqing Zou,Zhen Li,Zhi Li,Hai Jin

DOI: https://doi.org/10.1109/icse48619.2023.00190

2023-01-01

Abstract:Software vulnerabilities have posed huge threats to the cyberspace security, and there is an increasing demand for automated vulnerability detection (VD). In recent years, deep learning-based (DL-based) vulnerability detection systems have been proposed for the purpose of automatic feature extraction from source code. Although these methods can achieve ideal performance on synthetic datasets, the accuracy drops a lot when detecting real-world vulnerability datasets. Moreover, these approaches limit their scopes within a single function, being not able to leverage the information between functions. In this paper, we attempt to extract the function's abstract behaviors, figure out the relationships between functions, and use this global information to assist DL-based VD to achieve higher performance. To this end, we build a Behavior Graph Model and use it to design a novel framework, namely VulBG. To examine the ability of our constructed Behavior Graph Model, we choose several existing DL-based VD models (e.g., TextCNN, ASTGRU, CodeBERT, Devign, and VulCNN) as our baseline models and conduct evaluations on two real-world datasets: the balanced FFMpeg+Qemu dataset and the unbalanced Chrome+Debian dataset. Experimental results indicate that VulBG enables all baseline models to detect more real vulnerabilities, thus improving the overall detection performance.

Aidan Z.H. Yang,Haoye Tian,He Ye,Ruben Martins,Claire Le Goues

2024-06-10

Abstract:Software security vulnerabilities allow attackers to perform malicious activities to disrupt software operations. Recent Transformer-based language models have significantly advanced vulnerability detection, surpassing the capabilities of static analysis based deep learning models. However, language models trained solely on code tokens do not capture either the explanation of vulnerability type or the data flow structure information of code, both of which are crucial for vulnerability detection. We propose a novel technique that integrates a multitask sequence-to-sequence LLM with pro-gram control flow graphs encoded as a graph neural network to achieve sequence-to-classification vulnerability detection. We introduce MSIVD, multitask self-instructed fine-tuning for vulnerability detection, inspired by chain-of-thought prompting and LLM self-instruction. Our experiments demonstrate that MSIVD achieves superior performance, outperforming the highest LLM-based vulnerability detector baseline (LineVul), with a F1 score of 0.92 on the BigVul dataset, and 0.48 on the PreciseBugs dataset. By training LLMs and GNNs simultaneously using a combination of code and explanatory metrics of a vulnerable program, MSIVD represents a promising direction for advancing LLM-based vulnerability detection that generalizes to unseen data. Based on our findings, we further discuss the necessity for new labelled security vulnerability datasets, as recent LLMs have seen or memorized prior datasets' held-out evaluation data.

Cryptography and Security,Machine Learning,Software Engineering

Yulun Wu,Ming Wen,Zeliang Yu,Xiaochen Guo,Hai Jin

DOI: https://doi.org/10.1145/3691620.3695013

2024-01-01

Abstract:Open-source software (OSS) has profoundly transformed the software development paradigm by facilitating effortless code reuse. However, in recent years, there has been an alarming increase in disclosed vulnerabilities within OSS, posing significant security risks to downstream users. Therefore, analyzing existing vulnerabilities and precisely assessing their threats to downstream applications become pivotal. Plenty of efforts have been made recently towards this problem, such as vulnerability reachability analysis and vulnerability reproduction. The key to these tasks is identifying the vulnerable function (i.e., the function where the root cause of a vulnerability resides). However, public vulnerability datasets (e.g., NVD) rarely include this information as pinpointing the exact vulnerable functions remains to be a longstanding challenge. Existing methods mainly detect vulnerable functions based on vulnerability patches or Proof-of-Concept (PoC). However, such methods face significant limitations due to data availability and the requirement for extensive manual efforts, thus hindering scalability. To address this issue, we propose a novel approach VFFinder that localizes vulnerable functions based on Common Vulnerabilities and Exposures (CVE) descriptions and the corresponding source code utilizing Large Language Models (LLMs). Specifically, VFFinder adopts a customized in-context learning (ICL) approach based on CVE description patterns to enable LLM to extract key entities. It then performs priority matching with the source code to localize vulnerable functions. We assess the performance of VFFinder on 75 large open-source projects. The results demonstrate that VFFinder surpasses existing baselines significantly. Notably, the Top-1 and MRR metrics have been improved substantially, averaging 4.25X and 2.37X respectively. We also integrate VFFinder with Software Composition Analysis (SCA) tools, and the results show that our tool can reduce the false positive rates of existing SCA tools significantly.

Xue Yuan,Guanjun Lin,Huan Mei,Yonghang Tai,Jun Zhang

DOI: https://doi.org/10.1016/j.jisa.2024.103718

IF: 4.96

2024-02-15

Journal of Information Security and Applications

Abstract:Vulnerability identification is crucial to protecting software systems from attacks. Although numerous learning-based solutions have been suggested to assist in vulnerability identification, these approaches often face challenges due to the scarcity of real-world vulnerability data. To extract as much vulnerability information as possible from limited data, we consider obtaining the characteristics of vulnerabilities from different forms of code by leveraging two distinct deep neural models. First, source code functions are considered to be textual sequences, and Gated Recurrent Unit (GRU) is applied to extract serialized features. Then, Syntax Trees (ASTs) of these functions, which reflects the code structure, are fed to a Gated Graph Recurrent Network (GGRN) to obtain structural features indicative of software vulnerability. To better handle data imbalance issues in real-world scenarios, we employ Random Forest (RF) to construct a predictive model to learn the concatenation of serialized and structural features extracted by GRU and GGRN. To evaluate the proposed approach, we collected 12 open-source projects containing function-level samples and compared the proposed method with a series of baselines, including popular learning-based methods and static analysis tools. The empirical results demonstrate that our proposed approach outperforms the baselines and can identify more vulnerabilities.

computer science, information systems

Wenbo Guo,Yong Fang,Cheng Huang,Haoran Ou,Chun Lin,Yongyan Guo

DOI: https://doi.org/10.1016/j.cose.2022.102823

IF: 5.105

2022-01-01

Computers & Security

Abstract:In recent years, software programs tend to be large and complex, software has become the infrastructure of modern society, but software security issues can not be ignored. software vulnerabilities have become one of the main threats to computer security. There are countless cases of exploiting source code vulnerabilities to launch attacks. At the same time, the development of open source software has made source code vulnerability detection more and more critical. Traditional vulnerability mining methods have been unable to meet the security analysis needs of complex software because of the high false-positive rate and false-negative rate. To resolve the existing problems, we propose a graph neural network vulnerability mining system named HyVulDect based on hybrid semantics, which constructs a composite semantic code property graph for code representation based on the causes of vulnerabilities. A gated graph neural network is used to extract deep semantic information. Since most of the vulnerabilities are data flow associated, we use taint analysis to extract the taint propagation chain, use the BiLSTM model to extract the token-level features of the context, and finally use the classifier to classify the fusion features. We introduce a dual-attention mechanism that allows the model to focus on vulnerability-related code, making it more suitable for vulnerability mining tasks. The experimental results show that HyVulDect outperforms existing state-of-the-art methods and can achieve an accuracy rate of 92% on the benchmark dataset. Compared with the rule-based static mining tools Flawfinder, RATS, and Cppcheck, it has better performance and can effectively detect the actual CVE source code vulnerabilities. (C) 2022 Elsevier Ltd. All rights reserved.

Xin Li,Lu Wang,Yang Xin,Yixian Yang,Qifeng Tang,Yuling Chen

DOI: https://doi.org/10.3390/app11073201

2021-01-01

Applied Sciences

Abstract:Vulnerabilities threaten the security of information systems. It is crucial to detect and patch vulnerabilities before attacks happen. However, existing vulnerability detection methods suffer from long-term dependency, out of vocabulary, bias towards global features or local features, and coarse detection granularity. This paper proposes an automatic vulnerability detection framework in source code based on a hybrid neural network. First, the inputs are transformed into an intermediate representation with explicit structure information using lower level virtual machine intermediate representation (LLVM IR) and backward program slicing. After the transformation, the size of samples and the size of vocabulary are significantly reduced. A hybrid neural network model is then applied to extract high-level features of vulnerability, which learns features both from convolutional neural networks (CNNs) and recurrent neural networks (RNNs). The former is applied to learn local vulnerability features, such as buffer size. Furthermore, the latter is utilized to learn global features, such as data dependency. The extracted features are made up of concatenated outputs of CNN and RNN. Experiments are performed to validate our vulnerability detection method. The results show that our proposed method achieves excellent results with F1-scores of 98.6% and accuracy of 99.0% on the SARD dataset. It outperforms state-of-the-art methods.

Yulin Zhang,Yong Hu,Xiao Chen

DOI: https://doi.org/10.3390/s24051351

IF: 3.9

2024-02-20

Sensors

Abstract:With the increasing use of open-source libraries and secondary development, software projects face security vulnerabilities. Existing studies on source code vulnerability detection rely on natural language processing techniques, but they overlook the intricate dependencies in programming languages. To address this, we propose a framework called Context and Multi-Features-based Vulnerability Detection (CMFVD). CMFVD integrates source code graphs and textual sequences, using a novel slicing method called Context Slicing to capture contextual information. The framework combines graph convolutional networks (GCNs) and bidirectional gated recurrent units (BGRUs) with attention mechanisms to extract local semantic and syntactic information. Experimental results on Software Assurance Reference Datasets (SARDs) demonstrate CMFVD's effectiveness, achieving the highest F1-score of 0.986 and outperforming other models. CMFVD offers a promising approach to identifying and rectifying security flaws in large-scale codebases.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation