Hierarchical Attention Network for Interpretable and Fine-Grained Vulnerability Detection

Mianxue Gu, Hantao Feng, Hongyu Sun, Peng Liu, Qiuling Yue, Jinglu Hu, Chunjie Cao, Yuqing Zhang*

*Corresponding author for this work

Research output: Conference contribution

Abstract

With the rapid development of software technology, the number of vulnerabilities is proliferating, which makes vulnerability detection an important topic of security research. Existing works focus only on predicting whether a given piece of program code is vulnerable, and are less interpretable. To overcome these deficits, we first apply the hierarchical attention network to vulnerability detection for interpretable and fine-grained vulnerability discovery. Specifically, our model consists of two levels of attention layers, at the line level and the token level of the code, to locate which lines or tokens are important for discovering vulnerabilities. Furthermore, in order to accurately extract features from source code, we process the code based on the abstract syntax tree and embed the syntax tokens into vectors. We evaluate the performance of our model on two widely used benchmark datasets, CWE-119 (Buffer Error) and CWE-399 (Resource Management Error) from SARD. Experiments show that the F1 score of our model achieves 86.1% (CWE-119) and 90.0% (CWE-399) on the two datasets, which is significantly better than the state-of-the-art models. In particular, our model can directly mark the importance of different lines and different tokens, which can provide useful information for further vulnerability exploitation and repair.

Original language: English
Title of host publication: INFOCOM WKSHPS 2022 - IEEE Conference on Computer Communications Workshops
Publisher: Institute of Electrical and Electronics Engineers Inc.
ISBN (electronic): 9781665409261
DOI
Publication status: Published - 2022
Externally published: Yes
Event: 2022 IEEE Conference on Computer Communications Workshops, INFOCOM WKSHPS 2022 - Virtual, Online, United States
Duration: 2022 May 2 to 2022 May 5

Publication series

Name: INFOCOM WKSHPS 2022 - IEEE Conference on Computer Communications Workshops

Conference

Conference: 2022 IEEE Conference on Computer Communications Workshops, INFOCOM WKSHPS 2022
Country/Territory: United States
City: Virtual, Online
Period: 22/5/2 to 22/5/5

ASJC Scopus subject areas

  • Artificial Intelligence
  • Computer Networks and Communications
  • Information Systems
  • Information Systems and Management
  • Safety, Risk, Reliability and Quality
