mVulSniffer: a multi-type source code vulnerability sniffer method
Given the problem that the code slice used by existing deep learning-based vulnerability sniffer methods could not comprehensively encompass the subtle characteristics between vulnerability classes, and a single deep learning sniffer model had insufficient ability to learn long context-dependent inf...
Main Authors: | Xuejun ZHANG, Fenghe ZHANG, Jiyang GAI, Xiaogang DU, Wenjie ZHOU, Teli CAI, Bo ZHAO |
---|---|
Format: | Article |
Language: | zho |
Published: | Editorial Department of Journal on Communications, 2023-09-01 |
Series: | Tongxin xuebao |
Subjects: | |
Online Access: | http://www.joconline.com.cn/zh/article/doi/10.11959/j.issn.1000-436x.2023184/ |
_version_ | 1841539224245895168 |
---|---|
author | Xuejun ZHANG, Fenghe ZHANG, Jiyang GAI, Xiaogang DU, Wenjie ZHOU, Teli CAI, Bo ZHAO |
author_sort | Xuejun ZHANG |
collection | DOAJ |
description | Given the problem that the code slice used by existing deep learning-based vulnerability sniffer methods could not comprehensively encompass the subtle characteristics between vulnerability classes, and a single deep learning sniffer model had insufficient ability to learn long context-dependent information between cross-file and cross-function code statements, a multi-type source code vulnerability sniffer method was proposed. Firstly, fine-grained two-level slices containing the types of vulnerabilities were extracted based on the control dependency and data dependency information in program dependency graph. Secondly, the two-level slices were transformed into initial feature vector. Finally, a fusion model of deep learning vulnerability sniffer suitable for two-level slices was constructed to achieve accurate vulnerability detection of multi-type source code. The experimental results on multiple synthetic datasets and two real datasets show that the proposed method outperforms the existing multi-type source code vulnerability sniffer methods. |
format | Article |
id | doaj-art-b2ec69e738014c04831d144f2beb5ae4 |
institution | Kabale University |
issn | 1000-436X |
language | zho |
publishDate | 2023-09-01 |
publisher | Editorial Department of Journal on Communications |
record_format | Article |
series | Tongxin xuebao |
title | mVulSniffer: a multi-type source code vulnerability sniffer method |
topic | multi-type vulnerabilities sniffer; deep learning; attention mechanism; data dependency; control dependency |
url | http://www.joconline.com.cn/zh/article/doi/10.11959/j.issn.1000-436x.2023184/ |