Out of sight, out of mind: Better automatic vulnerability repair by broadening input ranges and sources
The advances of deep learning (DL) have paved the way for automatic software vulnerability repair approaches, which effectively learn the mapping from the vulnerable code to the fixed code. Nevertheless, existing DL-based vulnerability repair methods face notable limitations: 1) they struggle to han...
Saved in:
| Main Authors: | , , , , |
|---|---|
| Format: | text |
| Language: | English |
| Published: |
Institutional Knowledge at Singapore Management University
2024
|
| Subjects: | |
| Online Access: | https://ink.library.smu.edu.sg/sis_research/9248 https://ink.library.smu.edu.sg/context/sis_research/article/10248/viewcontent/3597503.3639222.pdf |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Singapore Management University |
| Language: | English |
| id |
sg-smu-ink.sis_research-10248 |
|---|---|
| record_format |
dspace |
| spelling |
sg-smu-ink.sis_research-102482024-09-02T06:41:13Z Out of sight, out of mind: Better automatic vulnerability repair by broadening input ranges and sources ZHOU, Xin KIM, Kisub XU, Bowen HAN, DongGyun LO, David The advances of deep learning (DL) have paved the way for automatic software vulnerability repair approaches, which effectively learn the mapping from the vulnerable code to the fixed code. Nevertheless, existing DL-based vulnerability repair methods face notable limitations: 1) they struggle to handle lengthy vulnerable code, 2) they treat code as natural language texts, neglecting its inherent structure, and 3) they do not tap into the valuable expert knowledge present in the expert system. To address this, we propose VulMaster, a Transformer-based neural network model that excels at generating vulnerability repairs by comprehensively understanding the entire vulnerable code, irrespective of its length. This model also integrates diverse information, encompassing vulnerable code structures and expert knowledge from the CWE system. We evaluated VulMaster on a real-world C/C++ vulnerability repair dataset comprising 1,754 projects with 5,800 vulnerable functions. The experimental results demonstrated that VulMaster exhibits substantial improvements compared to the learning-based state-of-the-art vulnerability repair approach. Specifically, VulMaster improves the EM, BLEU, and CodeBLEU scores from 10.2% to 20.0%, 21.3% to 29.3%, and 32.5% to 40.9%, respectively. 2024-04-01T07:00:00Z text application/pdf https://ink.library.smu.edu.sg/sis_research/9248 info:doi/10.1145/3597503.3639222 https://ink.library.smu.edu.sg/context/sis_research/article/10248/viewcontent/3597503.3639222.pdf http://creativecommons.org/licenses/by-nc-nd/4.0/ Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University Software Engineering |
| institution |
Singapore Management University |
| building |
SMU Libraries |
| continent |
Asia |
| country |
Singapore Singapore |
| content_provider |
SMU Libraries |
| collection |
InK@SMU |
| language |
English |
| topic |
Software Engineering |
| spellingShingle |
Software Engineering ZHOU, Xin KIM, Kisub XU, Bowen HAN, DongGyun LO, David Out of sight, out of mind: Better automatic vulnerability repair by broadening input ranges and sources |
| description |
The advances of deep learning (DL) have paved the way for automatic software vulnerability repair approaches, which effectively learn the mapping from the vulnerable code to the fixed code. Nevertheless, existing DL-based vulnerability repair methods face notable limitations: 1) they struggle to handle lengthy vulnerable code, 2) they treat code as natural language texts, neglecting its inherent structure, and 3) they do not tap into the valuable expert knowledge present in the expert system. To address this, we propose VulMaster, a Transformer-based neural network model that excels at generating vulnerability repairs by comprehensively understanding the entire vulnerable code, irrespective of its length. This model also integrates diverse information, encompassing vulnerable code structures and expert knowledge from the CWE system. We evaluated VulMaster on a real-world C/C++ vulnerability repair dataset comprising 1,754 projects with 5,800 vulnerable functions. The experimental results demonstrated that VulMaster exhibits substantial improvements compared to the learning-based state-of-the-art vulnerability repair approach. Specifically, VulMaster improves the EM, BLEU, and CodeBLEU scores from 10.2% to 20.0%, 21.3% to 29.3%, and 32.5% to 40.9%, respectively. |
| format |
text |
| author |
ZHOU, Xin KIM, Kisub XU, Bowen HAN, DongGyun LO, David |
| author_facet |
ZHOU, Xin KIM, Kisub XU, Bowen HAN, DongGyun LO, David |
| author_sort |
ZHOU, Xin |
| title |
Out of sight, out of mind: Better automatic vulnerability repair by broadening input ranges and sources |
| title_short |
Out of sight, out of mind: Better automatic vulnerability repair by broadening input ranges and sources |
| title_full |
Out of sight, out of mind: Better automatic vulnerability repair by broadening input ranges and sources |
| title_fullStr |
Out of sight, out of mind: Better automatic vulnerability repair by broadening input ranges and sources |
| title_full_unstemmed |
Out of sight, out of mind: Better automatic vulnerability repair by broadening input ranges and sources |
| title_sort |
out of sight, out of mind: better automatic vulnerability repair by broadening input ranges and sources |
| publisher |
Institutional Knowledge at Singapore Management University |
| publishDate |
2024 |
| url |
https://ink.library.smu.edu.sg/sis_research/9248 https://ink.library.smu.edu.sg/context/sis_research/article/10248/viewcontent/3597503.3639222.pdf |
| _version_ |
1814047844137435136 |