CPMSVD: Cross-Project Multiclass Software Vulnerability Detection Via Fused Deep Feature and Domain Adaptation

Many deep learning-based approaches have achieved excellent performance for Software Vulnerability Detection(SVD) but the most imperative issue is coping with the scarcity of labeled software vulnerabilities. When employing transfer learning techniques, researchers only detected the presence of vulnerabilities but cannot identify vulnerability types. In this paper, we propose the first system for Cross-Project Multiclass Software Vulnerability Detection (CPMSVD) which incorporates inter-procedure code lines as local feature and detects at the granularity of code snippet. Principles are defined to generate snippet attentions and a deep model is proposed to obtain the fusion representations. We then extend domain adaptation techniques to reduce feature distributions among different projects. Experimental results show that our approach outperforms other state-of-the-art ones.