DeepVulSeeker: A Novel Vulnerability Identification Framework via Code Graph Structure and Pre-training Mechanism

11/23/2022
by   Jin Wang, et al.
0

Software vulnerabilities can pose severe harms to a computing system. They can lead to system crash, privacy leakage, or even physical damage. Correctly identifying vulnerabilities among enormous software codes in a timely manner is so far the essential prerequisite to patch them. Unfortantely, the current vulnerability identification methods, either the classic ones or the deep-learning-based ones, have several critical drawbacks, making them unable to meet the present-day demands put forward by the software industry. To overcome the drawbacks, in this paper, we propose DeepVulSeeker, a novel fully automated vulnerability identification framework, which leverages both code graph structures and the semantic features with the help of the recently advanced Graph Representation Self-Attention and pre-training mechanisms. Our experiments show that DeepVulSeeker not only reaches an accuracy as high as 0.99 on traditional CWE datasets, but also outperforms all other exisiting methods on two highly-complicated datasets. We also testified DeepVulSeeker based on three case studies, and found that DeepVulSeeker is able to understand the implications of the vulnerbilities. We have fully implemented DeepVulSeeker and open-sourced it for future follow-up research.

READ FULL TEXT
research
07/29/2023

JFinder: A Novel Architecture for Java Vulnerability Identification Based Quad Self-Attention and Pre-training Mechanism

Software vulnerabilities pose significant risks to computer systems, imp...
research
09/05/2023

VFFINDER: A Graph-based Approach for Automated Silent Vulnerability-Fix Identification

The increasing reliance of software projects on third-party libraries ha...
research
09/15/2023

Silent Vulnerability-fixing Commit Identification Based on Graph Neural Networks

The growing dependence of software projects on external libraries has ge...
research
04/17/2023

Code-centric Learning-based Just-In-Time Vulnerability Detection

Attacks against computer systems exploiting software vulnerabilities can...
research
04/17/2023

An Unbiased Transformer Source Code Learning with Semantic Vulnerability Graph

Over the years, open-source software systems have become prey to threat ...
research
06/26/2023

Can An Old Fashioned Feature Extraction and A Light-weight Model Improve Vulnerability Type Identification Performance?

Recent advances in automated vulnerability detection have achieved poten...
research
07/19/2022

Enhancing Security Patch Identification by Capturing Structures in Commits

With the rapid increasing number of open source software (OSS), the majo...

Please sign up or login with your details

Forgot password? Click here to reset