VDSimilar: Vulnerability detection based on code similarity of vulnerabilities and patches

Hao Sun; Lei Cui; Lun Li; Zhenquan Ding; Zhiyu Hao; Jiancong Cui; PengLiu

首页> 外文期刊>Computers & Security >VDSimilar: Vulnerability detection based on code similarity of vulnerabilities and patches

【24h】

VDSimilar: Vulnerability detection based on code similarity of vulnerabilities and patches

机译：VDSIMILAR：基于漏洞和修补程序代码相似性的漏洞检测

获取原文

获取原文并翻译 | 示例

掌桥外文数据库（机构版） >>

开具论文收录证明 >>

文献代查 >>

页面导航

摘要
著录项
相似文献
相关主题

摘要

Vulnerability detection using machine learning is a hot topic in improving software security. However, existing works formulate detection as a classification problem, which requires a large set of labelled data while capturing semantical and syntactic similarity. In this work, we argue that similarity in the view of vulnerability is the key in detecting vulnerabilities. We prepare a relatively smaller data set composed of both vulnerabilities and associated patches, and attempt to realize security similarity from (ⅰ) the similarity between pair of vulnerabilities and (ⅱ) the difference between a pair of vulnerability and patch. To achieve this, we setup the detection model using the Siamese network cooperated with BiLSTM and Attention to deal with source code, Attention network to improve the detection accuracy. On a data set of 876 vulnerabilities and patches of OpenSSL and Linux, the proposed model (VDSimilar) achieves about 97.17% in AUC value of OpenSSL (where the Attention network contributes 1.21% than BiLSTM in Siamese), which is more outstanding than the most advanced methods based on deep learning.

机译：使用机器学习的漏洞检测是提高软件安全性的热门话题。然而，现有的作品将检测标记为分类问题，这在捕获语义和句法相似度时需要大量标记的数据。在这项工作中，我们争论漏洞视图中的相似性是检测漏洞的关键。我们准备了由漏洞和相关补丁组成的相对较小的数据集，并尝试从（Ⅰ）对漏洞对之间的相似性和（Ⅱ）一对漏洞和补丁之间的差异。为实现这一目标，我们使用暹罗网络与Bilstm合作的检测模型和注意源代码，注意网络，提高检测精度。在openssl和Linux的876个漏洞和补丁的数据集上，所提出的型号（Vdsimilar）在Openssl的AUC值中实现了大约97.17％（其中注意网络比暹罗的Bilstm贡献1.21％），这比最杰出更为出色基于深度学习的先进方法。

著录项

来源
《Computers & Security》 |2021年第11期|102417.1-102417.14|共14页
作者
Hao Sun; Lei Cui; Lun Li; Zhenquan Ding; Zhiyu Hao; Jiancong Cui; PengLiu;
展开▼
作者单位

Institute of Information Engineering Chinese Academy of Sciences Beijing China School of Cyber Security University of Chinese Academy of Sciences Beijing China;

Institute of Information Engineering Chinese Academy of Sciences Beijing China;

Institute of Information Engineering Chinese Academy of Sciences Beijing China;

Institute of Information Engineering Chinese Academy of Sciences Beijing China;

Institute of Information Engineering Chinese Academy of Sciences Beijing China;

Institute of Information Engineering Chinese Academy of Sciences Beijing China School of Information Science and Engineering Shandong Normal University Jinan China;

School of Computer Science and Information Technology Guangxi Normal University Guilin China;

展开▼
收录信息美国《科学引文索引》(SCI);美国《工程索引》(EI);
原文格式 PDF
正文语种 eng
中图分类
关键词
Siamese network; BiLSTM; Attention; Vulnerability detection; Code similarity;

机译：暹罗网络;Bilstm;注意力;漏洞检测;代码相似性;

相似文献

外文文献
中文文献
专利

1. Token based Detection and Neural Network based Reconstruction framework against code injection vulnerabilities [J] . Teresa K. George, K. Poulose Jacob, Rekha K. James Information Security Technical Report . 2018,第AUGa期

机译：针对代码注入漏洞的基于令牌的检测和基于神经网络的重构框架
2. BVDetector: A program slice-based binary code vulnerability intelligent detection system [J] . Tian Junfeng, Xing Wenjing, Li Zhen Information and software technology . 2020,第Jula期

机译：BVDetector：基于程序切片的二进制代码漏洞智能检测系统
3. A Modified Maximal Divergence Sequential Auto-Encoder and Time Delay Neural Network Models for Vulnerable Binary Codes Detection [J] . Albahar Marwan Ali Quality Control, Transactions . 2020,第期

机译：修改的最大分流顺序自动编码器和易受攻击二进制代码检测的时间延迟神经网络模型
4. VFDETECT: A vulnerable code clone detection system based on vulnerability fingerprint [C] . Zhen Liu, Qiang Wei, Yan Cao 2017 IEEE 3rd Information Technology and Mechatronics Engineering Conference . 2017

机译：VFDETECT：基于漏洞指纹的易受攻击的代码克隆检测系统
5. Security Code Review with Static Analysis Techniques for the Detection and Remediation of Security Vulnerabilities [D] . Thomas, Tyler William. 2018

机译：使用静态分析技术检查安全代码，以检测和修复安全漏洞
6. Open source software security vulnerability detection based on dynamic behavior features [O] . Yuancheng Li, Longqiang Ma, Liang Shen, 2012

机译：基于动态行为特征的开源软件安全漏洞检测
7. Staged Method of Code Similarity Analysis for Firmware Vulnerability Detection [O] . Yisen Wang, Jianjing Shen, Jian Lin, 2019

机译：固件漏洞检测的代码相似性分析方法

VDSimilar: Vulnerability detection based on code similarity of vulnerabilities and patches

摘要

著录项

相似文献

相关主题

期刊订阅