UltraVCS: Ultra-Fine-Grained Variable-Based Code Slicing for Automated Vulnerability Detection

计算机科学 程序切片 切片 变量(数学) 脆弱性(计算) 编码(集合论) 程序设计语言 计算机安全 计算机图形学(图像) 集合(抽象数据类型) 数学 数学分析
作者
Tongshuai Wu,Liwei Chen,Gewangzi Du,Dan Meng,Gang Shi
出处
期刊:IEEE Transactions on Information Forensics and Security [Institute of Electrical and Electronics Engineers]
卷期号:19: 3986-4000 被引量:19
标识
DOI:10.1109/tifs.2024.3374219
摘要

Detecting vulnerabilities in source code using deep learning models is emerging as a valuable research area. The key issue in using deep learning to detect vulnerabilities is the accurate representation. Current approaches for detecting vulnerabilities in C/C++ programs use functions or lines of code as the unit and only consider the basic syntactic structure of vulnerabilities. Unfortunately, functions and lines of code still have vulnerability-unrelated information, which is redundant for vulnerability features and is not conducive to deep learning models to learn accurate vulnerability patterns. This paper deeply analyzes the essential features of vulnerabilities and attacks. Then, we propose a novel variable-based deep learning vulnerability detection method for C/C++ that is more granular than existing function- or line of code-based vulnerability detection methods. Based on the triggering mechanism of vulnerabilities and typical memory attacks, we propose the concepts of key variables and insecure operations; these are used to propose new rules for determining the center point of code slices with more accurate vulnerability features. We propose the first ultra-fine-grained variable-based code slicing (UltraVCS) method by the new center point, which focuses on the vulnerability-related variable. This method removes as much vulnerability-unrelated information as possible to achieve more accurate vulnerability feature extraction. Experiments show that our approach can generate more code slices, achieve more precise vulnerability representation, and perform better vulnerability detection in open-source projects compared to state-of-the-art methods. Furthermore, we have discovered four zero-day vulnerabilities in real-world application scenarios in open-source projects.
最长约 10秒,即可获得该文献文件

科研通智能强力驱动
Strongly Powered by AbleSci AI
科研通是完全免费的文献互助平台,具备全网最快的应助速度,最高的求助完成率。 对每一个文献求助,科研通都将尽心尽力,给求助人一个满意的交代。
实时播报
hhh发布了新的文献求助10
刚刚
volcano发布了新的文献求助20
刚刚
呵呵关注了科研通微信公众号
刚刚
ccxb1014ft发布了新的文献求助10
刚刚
orixero应助贪玩的可乐采纳,获得10
1秒前
1秒前
1秒前
junge应助23XZYZN采纳,获得10
1秒前
赘婿应助blank采纳,获得10
1秒前
1秒前
三国杀校老弟应助lichaoyes采纳,获得10
2秒前
巴扎黑应助yu采纳,获得10
2秒前
少稍稍发布了新的文献求助10
2秒前
烟花应助aaaaa11111采纳,获得10
2秒前
西瓜瓜完成签到,获得积分10
2秒前
3秒前
3秒前
3秒前
阳光小松鼠完成签到,获得积分10
4秒前
一平发布了新的文献求助20
4秒前
传奇3应助1123采纳,获得10
4秒前
英姑应助123采纳,获得10
4秒前
4秒前
小鹿完成签到,获得积分10
4秒前
这一天完成签到,获得积分10
4秒前
ZHY完成签到,获得积分20
5秒前
OK应助科研通管家采纳,获得50
5秒前
wqm应助科研通管家采纳,获得10
5秒前
Orange应助科研通管家采纳,获得10
5秒前
深情安青应助科研通管家采纳,获得10
5秒前
随机截距应助ruan采纳,获得10
5秒前
bkagyin应助科研通管家采纳,获得10
5秒前
lizishu应助zx采纳,获得10
5秒前
5秒前
Hello应助zx采纳,获得10
5秒前
yjh123应助科研通管家采纳,获得20
5秒前
ZINI发布了新的文献求助10
5秒前
CodeCraft应助科研通管家采纳,获得10
6秒前
ding应助科研通管家采纳,获得10
6秒前
慕青应助科研通管家采纳,获得10
6秒前
高分求助中
Principles of Economics, 11th Edition 10000
University Physics with Modern Physics, 16th edition 10000
(应助此贴封号)【重要!!请各用户(尤其是新用户)详细阅读】【科研通的精品贴汇总】 10000
Molecular Mechanisms of Photosynthesis, 4th Edition 1000
Organic Reactions, Volume 116 1000
Current concepts in cutaneous toxicity : proceedings of the Fourth Conference on Cutaneous Toxicity, Washington, D.C., May 9-11, 1979 1000
The recovery-stress questionnaires : user manual 800
热门求助领域 (近24小时)
化学 材料科学 医学 生物 纳米技术 工程类 有机化学 化学工程 生物化学 计算机科学 内科学 物理 复合材料 催化作用 细胞生物学 无机化学 光电子学 物理化学 电极 基因
热门帖子
关注 科研通微信公众号,转发送积分 7258598
求助须知:如何正确求助?哪些是违规求助? 8880530
关于积分的说明 18762982
捐赠科研通 6938996
什么是DOI,文献DOI怎么找? 3201380
关于科研通互助平台的介绍 2375332
邀请新用户注册赠送积分活动 2177136