BERT-Based Vulnerability Type Identification with Effective Program Representation

Wireless Algorithms, Systems, and Applications (2022)

Abstract
Detecting vulnerabilities is essential to maintaining software security, and vulnerability detection based on deep learning has achieved remarkable results. Knowing the type of a vulnerability reveals the principle behind it and helps the programmer quickly pinpoint its precise location. The type is also very valuable for remediation, so identifying vulnerability types is essential. This paper proposes a new vulnerability type identification framework based on deep learning. The framework draws on both syntax and semantics, and its detection granularity is at the slice level. To cover a comprehensive set of vulnerability types, we use four slicing methods to represent the program. In addition, we model four kinds of code slice features based on BERT. For evaluation, we used 64 three-level CWE-ID vulnerability types from the National Vulnerability Database (NVD) and the Software Assurance Reference Dataset (SARD). The experimental results show that the framework achieves significant performance in vulnerability type identification.
Keywords
Vulnerability detection, Type identification, Bidirectional self-attention mechanism