VulDeeLocator: A Deep Learning-based Fine-grained Vulnerability Detector

01/08/2020
by   Zhen Li, et al.
0

Automatically detecting software vulnerabilities is an important problem that has attracted much attention. However, existing vulnerability detectors still cannot achieve the vulnerability detection capability and locating precision that would warrant their adoption for real-world use. In this paper, we present Vulnerability Deep Learning-based Locator (VulDeeLocator), a deep learning-based fine-grained vulnerability detector, for C programs with source code. VulDeeLocator advances the state-of-the-art by simultaneously achieving a high detection capability and a high locating precision. When applied to three real-world software products, VulDeeLocator detects four vulnerabilities that are not reported in the National Vulnerability Database (NVD); among these four vulnerabilities, three are not known to exist in these products until now, but the other one has been "silently" patched by the vendor when releasing newer versions of the vulnerable product. The core innovations underlying VulDeeLocator are (i) the leverage of intermediate code to accommodate semantic information that cannot be conveyed by source code-based representations, and (ii) the concept of granularity refinement for precisely pinning down locations of vulnerabilities.

READ FULL TEXT

page 1

page 2

page 3

page 4

research
01/05/2018

VulDeePecker: A Deep Learning-Based System for Vulnerability Detection

The automatic detection of software vulnerabilities is an important rese...
research
01/08/2020

μVulDeePecker: A Deep Learning-Based System for Multiclass Vulnerability Detection

Fine-grained software vulnerability detection is an important and challe...
research
01/20/2022

VUDENC: Vulnerability Detection with Deep Learning on a Natural Codebase for Python

Context: Identifying potential vulnerable code is important to improve t...
research
08/02/2021

Towards Making Deep Learning-based Vulnerability Detectors Robust

Automatically detecting software vulnerabilities in source code is an im...
research
07/18/2018

SySeVR: A Framework for Using Deep Learning to Detect Software Vulnerabilities

The detection of software vulnerabilities (or vulnerabilities for short)...
research
06/19/2021

Vulnerability Detection with Fine-grained Interpretations

Despite the successes of machine learning (ML) and deep learning (DL) ba...
research
10/21/2020

SeqTrans: Automatic Vulnerability Fix via Sequence to Sequence Learning

Software vulnerabilities are now reported at an unprecedented speed due ...

Please sign up or login with your details

Forgot password? Click here to reset