Tongxin xuebao (Sep 2023)
mVulSniffer: a multi-type source code vulnerability sniffer method
Abstract
To address two problems, namely that the code slices used by existing deep learning-based vulnerability sniffer methods cannot comprehensively capture the subtle characteristics between vulnerability classes, and that a single deep learning sniffer model has insufficient ability to learn long context-dependent information between cross-file and cross-function code statements, a multi-type source code vulnerability sniffer method was proposed. Firstly, fine-grained two-level slices containing the types of vulnerabilities were extracted based on the control dependency and data dependency information in the program dependency graph. Secondly, the two-level slices were transformed into initial feature vectors. Finally, a deep learning vulnerability sniffer fusion model suitable for two-level slices was constructed to achieve accurate vulnerability detection of multi-type source code. The experimental results on multiple synthetic datasets and two real datasets show that the proposed method outperforms the existing multi-type source code vulnerability sniffer methods.