Towards Making Deep Learning-based Vulnerability Detectors Robust

08/02/2021
by   Zhen Li, et al.
0

Automatically detecting software vulnerabilities in source code is an important problem that has attracted much attention. In particular, deep learning-based vulnerability detectors, or DL-based detectors, are attractive because they do not need human experts to define features or patterns of vulnerabilities. However, such detectors' robustness is unclear. In this paper, we initiate the study in this aspect by demonstrating that DL-based detectors are not robust against simple code transformations, dubbed attacks in this paper, as these transformations may be leveraged for malicious purposes. As a first step towards making DL-based detectors robust against such attacks, we propose an innovative framework, dubbed ZigZag, which is centered at (i) decoupling feature learning and classifier learning and (ii) using a ZigZag-style strategy to iteratively refine them until they converge to robust features and robust classifiers. Experimental results show that the ZigZag framework can substantially improve the robustness of DL-based detectors.

READ FULL TEXT
research
01/08/2020

VulDeeLocator: A Deep Learning-based Fine-grained Vulnerability Detector

Automatically detecting software vulnerabilities is an important problem...
research
11/21/2021

Challenging Machine Learning-based Clone Detectors via Semantic-preserving Code Transformations

Software clone detection identifies similar code snippets. It has been a...
research
08/18/2023

Attacking logo-based phishing website detectors with adversarial perturbations

Recent times have witnessed the rise of anti-phishing schemes powered by...
research
04/11/2018

Detecting Malicious PowerShell Commands using Deep Neural Networks

Microsoft's PowerShell is a command-line shell and scripting language th...
research
03/05/2022

MVD: Memory-Related Vulnerability Detection Based on Flow-Sensitive Graph Neural Networks

Memory-related vulnerabilities constitute severe threats to the security...
research
09/29/2022

IvySyn: Automated Vulnerability Discovery for Deep Learning Frameworks

We present IvySyn: the first fully-automated framework for vulnerability...
research
09/19/2022

Cross Project Software Vulnerability Detection via Domain Adaptation and Max-Margin Principle

Software vulnerabilities (SVs) have become a common, serious and crucial...

Please sign up or login with your details

Forgot password? Click here to reset