Learning Program Semantics for Vulnerability Detection via Vulnerability-specific Inter-procedural Slicing
Recently, the learning-based approaches that learn code representations for software vulnerability detection have been proven to produce inspiring results. However, they still suffer from some limitations. On one hand, some learning-based works learn code representation on a single function for vulnerability detection, which ignore the fact that some vulnerabilities span multiple functions. On the other hand, other works attempt to leverage slicing techniques to extract the program semantics of vulnerable parts to generate code representations for vulnerability detection but fail to slice out precise vulnerable parts due to the wide variety of vulnerabilities that cannot be accurately captured by one general slicing algorithm. To address the limitations, in this paper, we propose a learning-based approach namely SnapVuln, which utilizes multiple type-specific inter-procedural slicing algorithms that operate on inter-procedural graphs to capture precise program semantics of various vulnerability types and leverages a Gated Graph Neural Network (GGNN) with an attention mechanism to learn graph structure information and assign different weights to different program semantics for code representation generation. We conduct extensive experiments on two public datasets, and compare SnapVuln with five state-of-the-art learning-based vulnerability detection approaches and two pre-trained approaches. Experimental results show that SnapVuln outperforms these baselines. We further perform an ablation study to demonstrate that the completeness and precision of vulnerability semantics captured by SnapVuln contribute to the improvement of vulnerability detection.
Thu 7 DecDisplayed time zone: Pacific Time (US & Canada) change
11:00 - 12:30 | Machine Learning IVResearch Papers / Ideas, Visions and Reflections / Industry Papers at Golden Gate C2 Chair(s): Diptikalyan Saha IBM Research India | ||
11:00 15mTalk | Dynamic Data Fault Localization for Deep Neural Networks Research Papers Yining Yin Nanjing University, China, Yang Feng Nanjing University, Shihao Weng Nanjing University, Zixi Liu Nanjing University, Yuan Yao Nanjing University, Yichi Zhang Nanjing University, Zhihong Zhao , Zhenyu Chen Nanjing University Media Attached | ||
11:15 15mTalk | Assisting Static Analysis with Large Language Models: A ChatGPT Experiment Ideas, Visions and Reflections Haonan Li University of California at Riverside, USA, Yu Hao University of California at Riverside, USA, Yizhuo Zhai University of California at Riverside, USA, Zhiyun Qian University of California at Riverside, USA Media Attached | ||
11:30 15mTalk | Understanding the Bug Characteristics and Fix Strategies of Federated Learning Systems Research Papers Xiaohu Du Huazhong University of Science and Technology, Xiao CHEN Department of Computer Science and Engineering, The Hong Kong University of Science and Technology, Jialun Cao Hong Kong University of Science and Technology, Ming Wen Huazhong University of Science and Technology, Shing-Chi Cheung Department of Computer Science and Engineering, The Hong Kong University of Science and Technology, Hai Jin Huazhong University of Science and Technology Media Attached | ||
11:45 15mTalk | EvoCLINICAL: Evolving Cyber-Cyber Digital Twin with Active Transfer Learning for Automated Cancer Registry System Industry Papers Chengjie Lu Simula Research Laboratory; University of Oslo, Xu Qinghua Simula Research Laboratory; University of Oslo, Tao Yue Beihang University, Shaukat Ali Simula Research Laboratory and Oslo Metropolitan University, Thomas Schwitalla Cancer Registry of Norway, Jan F. Nygård Cancer Registry of Norway DOI Media Attached | ||
12:00 15mTalk | Learning Program Semantics for Vulnerability Detection via Vulnerability-specific Inter-procedural Slicing Research Papers bozhi wu Singapore Management University, Shangqing Liu Nanyang Technological University, Yang Xiao Institute of Information Engineering at Chinese Academy of Sciences; University of Chinese Academy of Sciences, Zhiming Li Nanyang Technological University, Singapore, Jun Sun Singapore Management University, Shang-Wei Lin Nanyang Technological University Media Attached | ||
12:15 15mTalk | [Remote] DeepRover: A Query-efficient Blackbox Attack for Deep Neural Networks Research Papers Fuyuan Zhang Kyushu University, Xinwen Hu Hunan Normal University, Lei Ma The University of Tokyo / University of Alberta, Jianjun Zhao Kyushu University Media Attached |