Files and links (2)
Published (Version of record)CC BY V4.0, Open Access
Published (Version of record)CC BY V4.0, Open
Conference proceeding
Enhancing Code Vulnerability Detection via Vulnerability-Preserving Data Augmentation
Proceedings of the 25th ACM SIGPLAN/SIGBED International Conference on Languages, Compilers, and Tools for Embedded Systems, pp.166-177
ACM Conferences
LCTES '24: ACM SIGPLAN/SIGBED International Conference on Languages, Compilers, and Tools for Embedded Systems, 25th (Copenhagen, Denmark, 24/06/2024)
06/2024
Metrics
3 File views/ downloads
37 Record Views
Abstract
Source code vulnerability detection aims to identify inherent vulnerabilities to safeguard software systems from potential attacks. Many prior studies overlook diverse vulnerability characteristics, simplifying the problem into a binary (0-1) classification task for example determining whether it is vulnerable or not. This poses a challenge for a single deep-learning based model to effectively learn the wide array of vulnerability characteristics. Furthermore, due to the challenges associated with collecting large-scale vulnerability data, these detectors often overfit limited training datasets, resulting in lower model generalization performance. To address the aforementioned challenges, in this work, we introduce a fine-grained vulnerability detector namely FGVulDet. Unlike previous approaches, FGVulDet employs multiple classifiers to discern characteristics of various vulnerability types and combines their outputs to identify the specific type of vulnerability. Each classifier is designed to learn type-specific vulnerability semantics. Additionally, to address the scarcity of data for some vulnerability types and enhance data diversity for learning better vulnerability semantics, we propose a novel vulnerability-preserving data augmentation technique to augment the number of vulnerabilities. Taking inspiration from recent advancements in graph neural networks for learning program semantics, we incorporate a Gated Graph Neural Network (GGNN) and extend it to an edge-aware GGNN to capture edge-type information. FGVulDet is trained on a large-scale dataset from GitHub, encompassing five different types of vulnerabilities. Extensive experiments compared with static-analysis-based approaches and learning-based approaches have demonstrated the effectiveness of FGVulDet.
Details
- Title
- Enhancing Code Vulnerability Detection via Vulnerability-Preserving Data Augmentation
- Creators
- Shangqing Liu - Nanyang Technological UniversityWei Ma - Nanyang Technological UniversityJian Wang - Nanyang Technological UniversityXiaofei Xie - Singapore Management UniversityRuitao Feng - Singapore Management UniversityYang Liu - Nanyang Technological University
- Publication Details
- Proceedings of the 25th ACM SIGPLAN/SIGBED International Conference on Languages, Compilers, and Tools for Embedded Systems, pp.166-177
- Conference
- LCTES '24: ACM SIGPLAN/SIGBED International Conference on Languages, Compilers, and Tools for Embedded Systems, 25th (Copenhagen, Denmark, 24/06/2024)
- Series
- ACM Conferences
- Publisher
- Association for Computing Machinery
- Identifiers
- 991013214782502368
- Copyright
- Copyright © 2024 Owner/Author. This work is licensed under a Creative Commons Attribution International 4.0 License.
- Academic Unit
- Information Technology; Faculty of Science and Engineering
- Language
- English
- Resource Type
- Conference proceeding