Hierarchical Attention Network for Interpretable and Fine-Grained Vulnerability Detection

Mianxue Gu, Hantao Feng, Hongyu Sun, Peng Liu, Qiuling Yue, Jinglu Hu, Chunjie Cao, Yuqing Zhang*

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

With the rapid development of software technology, the number of vulnerabilities is proliferating, which makes vulnerability detection an important topic of security research. Existing works focus only on predicting whether a given program is vulnerable and are less interpretable. To overcome these deficits, we are the first to apply the hierarchical attention network to vulnerability detection for interpretable and fine-grained vulnerability discovery. Specifically, our model consists of two-level attention layers, at both the line level and the token level of the code, to locate which lines or tokens are important for discovering vulnerabilities. Furthermore, in order to accurately extract features from source code, we process the code based on the abstract syntax tree and embed the syntax tokens into vectors. We evaluate the performance of our model on two widely used benchmark datasets from SARD, CWE-119 (Buffer Error) and CWE-399 (Resource Management Error). Experiments show that the F1 score of our model reaches 86.1% (CWE-119) and 90.0% (CWE-399) on the two datasets, which is significantly better than state-of-the-art models. In particular, our model can directly mark the importance of different lines and different tokens, which can provide useful information for further vulnerability exploitation and repair.

Original language: English
Title of host publication: INFOCOM WKSHPS 2022 - IEEE Conference on Computer Communications Workshops
Publisher: Institute of Electrical and Electronics Engineers Inc.
ISBN (Electronic): 9781665409261
DOIs
Publication status: Published - 2022
Externally published: Yes
Event: 2022 IEEE Conference on Computer Communications Workshops, INFOCOM WKSHPS 2022 - Virtual, Online, United States
Duration: 2022 May 2 to 2022 May 5

Publication series

Name: INFOCOM WKSHPS 2022 - IEEE Conference on Computer Communications Workshops

Conference

Conference: 2022 IEEE Conference on Computer Communications Workshops, INFOCOM WKSHPS 2022
Country/Territory: United States
City: Virtual, Online
Period: 22/5/2 to 22/5/5

Keywords

  • abstract syntax tree
  • deep learning
  • hierarchical attention network
  • vulnerability detection

ASJC Scopus subject areas

  • Artificial Intelligence
  • Computer Networks and Communications
  • Information Systems
  • Information Systems and Management
  • Safety, Risk, Reliability and Quality
