Cross Domain on Snippets: BiLSTM-TextCNN based Vulnerability Detection with Domain Adaptation.


引用 0|浏览8
Due to the ubiquity of computer software, software vulnerability detection(SVD) problem is essential to protect cyber system from attacks. Recently, deep learning-based vulnerability detection has achieved outstanding performance, relieving experts from tedious task of manually defining vulnerability features as well. However, its detection capability is compromised when facing with the scarcity of labeled data. One possible solution is to leverage training data with adequate labels from other domains, but the data distributions in different domains differ significantly. On the other hand, function level detection is too coarse-grained and not able to capture inter-procedure vulnerability patterns. In this paper, we propose a systematic Snippet-Oriented Cross-Domain Vulnerability Detection Framework with Domain Adaptation, which is the first time to detect cross-project vulnerabilities at a finer granularity than function. Firstly, we generate Code Snippets from 5 real-world projects and 3 types of CWE in NVD and SARD for cross-project and cross-type detection; Secondly, we propose an novel and effective approach to obtain deep features for domain adaptation; Finally, we employ the domain adaptation algorithm on these deep features to reduce the divergence between different domains and get the final result. Experimental results show that our framework outperforms other state-of-the-art approaches.
vulnerability detection,Cross-Domain,code snippet,domain adaptation,deep learning
AI 理解论文
Chat Paper