Publication Type
Conference Proceeding Article
Version
publishedVersion
Publication Date
12-2023
Abstract
Learning-based approaches that learn code representations for software vulnerability detection have been shown to produce promising results. However, they still fail to capture complete and precise vulnerability semantics in those code representations. To address this limitation, in this work we propose a learning-based approach named SnapVuln, which first uses multiple vulnerability-specific inter-procedural slicing algorithms to capture the vulnerability semantics of various vulnerability types, and then employs a Gated Graph Neural Network (GGNN) with an attention mechanism to learn those semantics. We compare SnapVuln with state-of-the-art learning-based approaches on two public datasets and confirm that SnapVuln outperforms them. We further perform an ablation study and demonstrate that the completeness and precision of the vulnerability semantics captured by SnapVuln contribute to the performance improvement.
Keywords
code representations, program semantics, vulnerability detection
Discipline
Artificial Intelligence and Robotics | Information Security | Theory and Algorithms
Research Areas
Intelligent Systems and Optimization
Publication
ESEC/FSE '23: Proceedings of ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering, San Francisco, December 3-9
First Page
1371
Last Page
1383
ISBN
9798400703270
Identifier
10.1145/3611643.3616351
Publisher
ACM
City or Country
New York
Citation
WU, Bozhi; LIU, Shangqing; YANG, Xiao; LI, Zhiming; SUN, Jun; and LIN, Shang-Wei.
Learning program semantics for vulnerability detection via vulnerability-specific inter-procedural slicing. (2023). ESEC/FSE '23: Proceedings of ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering, San Francisco, December 3-9. 1371-1383.
Available at: https://ink.library.smu.edu.sg/sis_research/8578
Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.
Additional URL
https://doi.org/10.1145/3611643.3616351
Included in
Artificial Intelligence and Robotics Commons, Information Security Commons, Theory and Algorithms Commons