UltraVCS: Ultra-Fine-Grained Variable-Based Code Slicing for Automated Vulnerability Detection

计算机科学 程序切片 切片 变量(数学) 脆弱性(计算) 编码(集合论) 程序设计语言 计算机安全 计算机图形学(图像) 集合(抽象数据类型) 数学 数学分析
作者
Tongshuai Wu,Liwei Chen,Gewangzi Du,Dan Meng,Gang Shi
出处
期刊:IEEE Transactions on Information Forensics and Security [Institute of Electrical and Electronics Engineers]
卷期号:19: 3986-4000 被引量:19
标识
DOI:10.1109/tifs.2024.3374219
摘要

Detecting vulnerabilities in source code using deep learning models is emerging as a valuable research area. The key issue in using deep learning to detect vulnerabilities is the accurate representation. Current approaches for detecting vulnerabilities in C/C++ programs use functions or lines of code as the unit and only consider the basic syntactic structure of vulnerabilities. Unfortunately, functions and lines of code still have vulnerability-unrelated information, which is redundant for vulnerability features and is not conducive to deep learning models to learn accurate vulnerability patterns. This paper deeply analyzes the essential features of vulnerabilities and attacks. Then, we propose a novel variable-based deep learning vulnerability detection method for C/C++ that is more granular than existing function- or line of code-based vulnerability detection methods. Based on the triggering mechanism of vulnerabilities and typical memory attacks, we propose the concepts of key variables and insecure operations; these are used to propose new rules for determining the center point of code slices with more accurate vulnerability features. We propose the first ultra-fine-grained variable-based code slicing (UltraVCS) method by the new center point, which focuses on the vulnerability-related variable. This method removes as much vulnerability-unrelated information as possible to achieve more accurate vulnerability feature extraction. Experiments show that our approach can generate more code slices, achieve more precise vulnerability representation, and perform better vulnerability detection in open-source projects compared to state-of-the-art methods. Furthermore, we have discovered four zero-day vulnerabilities in real-world application scenarios in open-source projects.
最长约 10秒,即可获得该文献文件

科研通智能强力驱动
Strongly Powered by AbleSci AI
科研通是完全免费的文献互助平台,具备全网最快的应助速度,最高的求助完成率。 对每一个文献求助,科研通都将尽心尽力,给求助人一个满意的交代。
实时播报
善良茗茗发布了新的文献求助30
刚刚
苹果发布了新的文献求助10
刚刚
CodeCraft应助cheungkeeyuen采纳,获得10
刚刚
忧伤的薯片完成签到 ,获得积分20
2秒前
firefly发布了新的文献求助10
3秒前
3秒前
mojiali关注了科研通微信公众号
3秒前
hhha发布了新的文献求助10
3秒前
4秒前
4秒前
Camellia完成签到,获得积分10
4秒前
4秒前
小二郎应助pennell01采纳,获得10
5秒前
lululu发布了新的文献求助20
5秒前
完美世界应助Loeop采纳,获得10
5秒前
6秒前
华仔应助孟宪岗采纳,获得10
6秒前
巷子里的猫完成签到,获得积分10
6秒前
JazzWon发布了新的文献求助10
6秒前
Knowledge发布了新的文献求助10
7秒前
As故完成签到,获得积分10
8秒前
优雅的盼夏完成签到 ,获得积分10
8秒前
hhha完成签到,获得积分10
10秒前
10秒前
深情安青应助zzz采纳,获得10
12秒前
cheungkeeyuen发布了新的文献求助10
12秒前
uuuu发布了新的文献求助20
12秒前
孤独书白发布了新的文献求助20
12秒前
王三石发布了新的文献求助10
12秒前
12秒前
XN完成签到,获得积分10
13秒前
111完成签到,获得积分10
15秒前
CipherSage应助夜雨采纳,获得10
16秒前
16秒前
科研通AI6.4应助Miranda采纳,获得10
17秒前
18秒前
小豆包发布了新的文献求助10
18秒前
18秒前
小p完成签到,获得积分10
19秒前
瘦瘦逊发布了新的文献求助10
19秒前
高分求助中
Cronologia da história de Macau 5000
Merrill's Atlas of Radiographic Positioning and Procedures - 3-Volume Set, 16th Edition 2000
Erwählung und Berufung bei Paulus: Bedeutung, Entwicklung und Funktion einer Vorstellung in ihrem frühjüdischen und griechisch-römischen Kontext 850
Matrix Methods in Data Mining and Pattern Recognition 510
Interactions of Vowel Quality and Prosody in East Slavic 500
Vander's Renal Physiology第10版 500
CLSI M27M44S Performance Standards for Antifungal Susceptibility Testing of Yeasts Fourth Edition 400
热门求助领域 (近24小时)
化学 材料科学 医学 生物 纳米技术 工程类 有机化学 化学工程 生物化学 计算机科学 内科学 物理 复合材料 催化作用 细胞生物学 无机化学 光电子学 物理化学 电极 基因
热门帖子
关注 科研通微信公众号,转发送积分 7118849
求助须知:如何正确求助?哪些是违规求助? 8771344
关于积分的说明 18547847
捐赠科研通 6691711
什么是DOI,文献DOI怎么找? 3147211
关于科研通互助平台的介绍 2265232
邀请新用户注册赠送积分活动 2121757