Learning program semantics for vulnerability detection via vulnerability-specific inter-procedural slicing
Learning-based approaches that learn code representations for software vulnerability detection have been proven to produce inspiring results. However, they still fail to capture complete and precise vulnerability semantics for code representations. To address the limitations, in this work, we propos...
Saved in:
| Main Authors: | , , , , , |
|---|---|
| Format: | text |
| Language: | English |
| Published: |
Institutional Knowledge at Singapore Management University
2023
|
| Subjects: | |
| Online Access: | https://ink.library.smu.edu.sg/sis_research/8578 https://ink.library.smu.edu.sg/context/sis_research/article/9581/viewcontent/LearningProgamSemantics_pvoa_cc_by.pdf |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Singapore Management University |
| Language: | English |
| id |
sg-smu-ink.sis_research-9581 |
|---|---|
| record_format |
dspace |
| spelling |
sg-smu-ink.sis_research-95812024-01-25T08:56:02Z Learning program semantics for vulnerability detection via vulnerability-specific inter-procedural slicing WU, Bozhi LIU, Shangqing YANG, Xiao LI, Zhiming SUN, Jun LIN, Shang-Wei Learning-based approaches that learn code representations for software vulnerability detection have been proven to produce inspiring results. However, they still fail to capture complete and precise vulnerability semantics for code representations. To address the limitations, in this work, we propose a learning-based approach namely SnapVuln, which first utilizes multiple vulnerability-specific inter-procedural slicing algorithms to capture vulnerability semantics of various types and then employs a Gated Graph Neural Network (GGNN) with an attention mechanism to learn vulnerability semantics. We compare SnapVuln with state-of-the-art learning-based approaches on two public datasets, and confirm that SnapVuln outperforms them. We further perform an ablation study and demonstrate that the completeness and precision of vulnerability semantics captured by SnapVuln contribute to the performance improvement. 2023-12-01T08:00:00Z text application/pdf https://ink.library.smu.edu.sg/sis_research/8578 info:doi/10.1145/3611643.3616351 https://ink.library.smu.edu.sg/context/sis_research/article/9581/viewcontent/LearningProgamSemantics_pvoa_cc_by.pdf http://creativecommons.org/licenses/by-nc-nd/4.0/ Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University code representations program semantics Vulnerability detection Artificial Intelligence and Robotics Information Security Theory and Algorithms |
| institution |
Singapore Management University |
| building |
SMU Libraries |
| continent |
Asia |
| country |
Singapore Singapore |
| content_provider |
SMU Libraries |
| collection |
InK@SMU |
| language |
English |
| topic |
code representations program semantics Vulnerability detection Artificial Intelligence and Robotics Information Security Theory and Algorithms |
| spellingShingle |
code representations program semantics Vulnerability detection Artificial Intelligence and Robotics Information Security Theory and Algorithms WU, Bozhi LIU, Shangqing YANG, Xiao LI, Zhiming SUN, Jun LIN, Shang-Wei Learning program semantics for vulnerability detection via vulnerability-specific inter-procedural slicing |
| description |
Learning-based approaches that learn code representations for software vulnerability detection have been proven to produce inspiring results. However, they still fail to capture complete and precise vulnerability semantics for code representations. To address the limitations, in this work, we propose a learning-based approach namely SnapVuln, which first utilizes multiple vulnerability-specific inter-procedural slicing algorithms to capture vulnerability semantics of various types and then employs a Gated Graph Neural Network (GGNN) with an attention mechanism to learn vulnerability semantics. We compare SnapVuln with state-of-the-art learning-based approaches on two public datasets, and confirm that SnapVuln outperforms them. We further perform an ablation study and demonstrate that the completeness and precision of vulnerability semantics captured by SnapVuln contribute to the performance improvement. |
| format |
text |
| author |
WU, Bozhi LIU, Shangqing YANG, Xiao LI, Zhiming SUN, Jun LIN, Shang-Wei |
| author_facet |
WU, Bozhi LIU, Shangqing YANG, Xiao LI, Zhiming SUN, Jun LIN, Shang-Wei |
| author_sort |
WU, Bozhi |
| title |
Learning program semantics for vulnerability detection via vulnerability-specific inter-procedural slicing |
| title_short |
Learning program semantics for vulnerability detection via vulnerability-specific inter-procedural slicing |
| title_full |
Learning program semantics for vulnerability detection via vulnerability-specific inter-procedural slicing |
| title_fullStr |
Learning program semantics for vulnerability detection via vulnerability-specific inter-procedural slicing |
| title_full_unstemmed |
Learning program semantics for vulnerability detection via vulnerability-specific inter-procedural slicing |
| title_sort |
learning program semantics for vulnerability detection via vulnerability-specific inter-procedural slicing |
| publisher |
Institutional Knowledge at Singapore Management University |
| publishDate |
2023 |
| url |
https://ink.library.smu.edu.sg/sis_research/8578 https://ink.library.smu.edu.sg/context/sis_research/article/9581/viewcontent/LearningProgamSemantics_pvoa_cc_by.pdf |
| _version_ |
1789483279514075136 |