research-article

DeepWukong: Statically Detecting Software Vulnerabilities Using Deep Graph Neural Network

Authors:

Yulei SuiAuthors Info & Claims

ACM Transactions on Software Engineering and Methodology (TOSEM), Volume 30, Issue 3

Article No.: 38, Pages 1 - 33

https://doi.org/10.1145/3436877

Published: 23 April 2021 Publication History

Abstract

Static bug detection has shown its effectiveness in detecting well-defined memory errors, e.g., memory leaks, buffer overflows, and null dereference. However, modern software systems have a wide variety of vulnerabilities. These vulnerabilities are extremely complicated with sophisticated programming logic, and these bugs are often caused by different bad programming practices, challenging existing bug detection solutions. It is hard and labor-intensive to develop precise and efficient static analysis solutions for different types of vulnerabilities, particularly for those that may not have a clear specification as the traditional well-defined vulnerabilities.

This article presents DeepWukong, a new deep-learning-based embedding approach to static detection of software vulnerabilities for C/C++ programs. Our approach makes a new attempt by leveraging advanced recent graph neural networks to embed code fragments in a compact and low-dimensional representation, producing a new code representation that preserves high-level programming logic (in the form of control- and data-flows) together with the natural language information of a program. Our evaluation studies the top 10 most common C/C++ vulnerabilities during the past 3 years. We have conducted our experiments using 105,428 real-world programs by comparing our approach with four well-known traditional static vulnerability detectors and three state-of-the-art deep-learning-based approaches. The experimental results demonstrate the effectiveness of our research and have shed light on the promising direction of combining program analysis with deep learning techniques to address the general static code analysis challenges.

References

[1]

American Information Technology Laboratory. 2020. National Vulnerability Database. https://nvd.nist.gov.

[2]

Apple Inc. 2020. Clang static analyzer. https://clang-analyzer.llvm.org/scan-build.html.

[3]

Synopsys. 2020. Coverity. https://scan.coverity.com/.

[4]

Micro Focus. 2020. HP Fortify. https://www.hpfod.com/.

[5]

David A. Wheeler. 2020. Flawfinder. https://dwheeler.com/flawfinder/.

[6]

Facebook. 2020. Infer. https://fbinfer.com/.

[7]

J. Viega, J. T. Bloch, Y. Kohno, and G. McGraw. 2000. ITS4: A static vulnerability scanner for C and C++ code. In Proceedings 16th Annual Computer Security Applications Conference (ACSAC’00). 257--267.

[8]

Inc Secure Software. 2014. RATS. https://code.google.com/archive/p/rough-auditing-tool-for-security/.

[9]

Israel. 2020. Checkmarx. https://www.checkmarx.com/.

[10]

Yulei Sui and Jingling Xue. 2016. SVF: Interprocedural Static Value-Flow Analysis in LLVM. https://github.com/unsw-corg/SVF. In Proceedings of the 25th International Conference on Compiler Construction (CC'16). 265--266.

Digital Library

[11]

Gustavo Grieco, Guillermo Luis Grinblat, Lucas Uzal, Sanjay Rawat, Josselin Feist, and Laurent Mounier. 2016. Toward large-scale vulnerability discovery using machine learning. In Proceedings of the 6th ACM Conference on Data and Application Security and Privacy (CODASPY’16). ACM, New York, NY, 85--96.

Digital Library

[12]

Stephan Neuhaus and Thomas Zimmermann. 2009. The beauty and the beast: Vulnerabilities in red hat’s packages. In Proceedings of the 2009 USENIX Annual Technical Conference (USENIX ATC’09).

[13]

Stephan Neuhaus, Thomas Zimmermann, Christian Holler, and Andreas Zeller. 2007. Predicting vulnerable software components. In Proceedings of the 14th ACM Conference on Computer and Communications Security (CCS’07). Association for Computing Machinery, New York, NY, 529--540.

Digital Library

[14]

Yonghee Shin, Andrew Meneely, Laurie Williams, and Jason A. Osborne. 2011. Evaluating complexity, code churn, and developer activity metrics as indicators of software vulnerabilities. IEEE Trans. Software Eng. 37 (2011), 772--787.

Digital Library

[15]

X. Cheng, H. Wang, J. Hua, M. Zhang, G. Xu, L. Yi, and Y. Sui. 2019. Static detection of control-flow-related vulnerabilities using graph embedding. In 2019 24th International Conference on Engineering of Complex Computer Systems (ICECCS’19). 41--50.

[16]

Martin White, Christopher Vendome, Mario Linares-Vásquez, and Denys Poshyvanyk. 2015. Toward deep learning software repositories. In Proceedings of the 12th Working Conference on Mining Software Repositories (MSR’15). IEEE Press, Piscataway, NJ, 334--345. http://dl.acm.org/citation.cfm?id=2820518.2820559

Digital Library

[17]

YaQin Zhou, Shangqing Liu, Jingkai Siow, Xiaoning Du, and Yang Liu. 2019. Devign: Effective vulnerability identification by learning comprehensive program semantics via graph neural networks. In Advances in Neural Information Processing Systems 32: Annual Conference on Neural Information Processing Systems 2019 (NeurIPS'19).

[18]

Zhen Li, Deqing Zou, Shouhuai Xu, Xinyu Ou, Hai Jin, Sujuan Wang, Zhijun Deng, and Yuyi Zhong. 2018. VulDeePecker: A deep learning-based system for vulnerability detection. In The Network and Distributed System Security Symposium (NDSS’18).

[19]

Tomas Mikolov, Ilya Sutskever, Kai Chen, Greg Corrado, and Jeffrey Dean. 2013. Distributed representations of words and phrases and their compositionality. In Proceedings of the 26th International Conference on Neural Information Processing Systems - Volume 2 (NIPS’13). Curran Associates Inc., 3111--3119. http://dl.acm.org/citation.cfm?id=2999792.2999959

Digital Library

[20]

Quoc V. Le and Tomas Mikolov. 2014. Distributed representations of sentences and documents. In Proceedings of the 31th International Conference on Machine Learning (ICML'14), Vol. 32. JMLR.org, 1188--1196. http://dblp.uni-trier.de/db/conf/icml/icml2014.html#LeM14

[21]

Miltiadis Allamanis, Marc Brockschmidt, and Mahmoud Khademi. 2017. Learning to represent programs with graphs. CoRR abs/1711.00740 (2017). arxiv:1711.00740 http://arxiv.org/abs/1711.00740

[22]

American Information Technology Laboratory. 2017. Software Assurance Reference Dataset. https://samate.nist.gov/SARD/index.php.

[23]

Thomas N. Kipf and Max Welling. 2016. Semi-supervised classification with graph convolutional networks. CoRR abs/1609.02907 (2016). arxiv:1609.02907 http://arxiv.org/abs/1609.02907

[24]

Petar Veličković, Guillem Cucurull, Arantxa Casanova, Adriana Romero, Pietro Liò, and Yoshua Bengio. 2018. Graph attention networks. In International Conference on Learning Representations. https://openreview.net/forum?id=rJXMpikCZ. Accepted as poster.

[25]

Christopher Morris, Martin Ritzert, Matthias Fey, William L. Hamilton, Jan Eric Lenssen, Gaurav Rattan, and Martin Grohe. 2018. Weisfeiler and Leman Go Neural: Higher-order graph neural networks. CoRR abs/1810.02244 (2018). arxiv:1810.02244 http://arxiv.org/abs/1810.02244

[26]

Keshav Pingali and Gianfranco Bilardi. 1995. APT: A data structure for optimal control dependence computation. In Proceedings of the ACM SIGPLAN 1995 Conference on Programming Language Design and Implementation (PLDI’95). ACM, New York, NY, 32--46.

Digital Library

[27]

Ben Hardekopf and Calvin Lin. 2011. Flow-sensitive pointer analysis for millions of lines of code. In Proceedings of the 9th Annual IEEE/ACM International Symposium on Code Generation and Optimization (CGO'11). IEEE Computer Society, 289--298.

Digital Library

[28]

Crispin Cowan, Calton Pu, Dave Maier, Heather Hintony, Jonathan Walpole, Peat Bakke, Steve Beattie, Aaron Grier, Perry Wagle, and Qian Zhang. 1998. StackGuard: Automatic adaptive detection and prevention of buffer-overflow attacks. In Proceedings of the 7th Conference on USENIX Security Symposium - Volume 7 (SSYM’98). USENIX Association, Berkeley, CA, 5--5. http://dl.acm.org/citation.cfm?id=1267549.1267554

Digital Library

[29]

C. Cowan, F. Wagle, Calton Pu, S. Beattie, and J. Walpole. 2000. Buffer overflows: Attacks and defenses for the vulnerability of the decade. In Proceedings DARPA Information Survivability Conference and Exposition (DISCEX’00), Vol. 2. 119--129.

[30]

Terence Parr. 2014. Antlr. https://www.antlr.org/.

[31]

Mark Weiser. 1981. Program slicing. In Proceedings of the 5th International Conference on Software Engineering (ICSE’81). IEEE Press, 439--449.

Digital Library

[32]

Rahul Gupta, Soham Pal, Aditya Kanade, and Shirish K. Shevade. 2017. DeepFix: Fixing common C language errors by deep learning. In Proceedings of the 31st AAAI Conference on Artificial Intelligence (AAAI'17). 1345--1351. http://aaai.org/ocs/index.php/AAAI/AAAI17/paper/view/14603

[33]

H. Robbins. 2007. A stochastic approximation method. Annals of Mathematical Statistics 22 (2007), 400--407.

[34]

Cǎtǎline Cangea, Petar Veličković, Nikola Jovanović, Thomas Kipf, and Pietro Liò. 2018. Towards Sparse Hierarchical Graph Classifiers. arxiv:stat.ML/1811.01287

[35]

Keyulu Xu, Chengtao Li, Yonglong Tian, Tomohiro Sonobe, Ken-ichi Kawarabayashi, and Stefanie Jegelka. 2018. Representation learning on graphs with jumping knowledge networks. CoRR abs/1806.03536 (2018). arxiv:1806.03536 http://arxiv.org/abs/1806.03536

[36]

Keyulu Xu, Weihua Hu, Jure Leskovec, and Stefanie Jegelka. 2018. How powerful are graph neural networks?CoRR abs/1810.00826 (2018). arxiv:1810.00826 http://arxiv.org/abs/1810.00826

[37]

H. Ramchoun, M. A. Janati Idrissi, Y. Ghanou, and M. Ettaouil. 2017. Multilayer perceptron: Architecture optimization and training with mixed activation functions. In Proceedings of the 2nd International Conference on Big Data, Cloud and Applications (BDCA’17). Association for Computing Machinery, New York, NY, Article 71, 6 pages.

[38]

Shadi A. Aljawarneh, Ali Alawneh, and Reem Jaradat. 2017. Cloud security engineering: Early stages of SDLC. Future Generation Computer Systems 74 (2017), 385--392.

Digital Library

[39]

H. H. AlBreiki and Q. H. Mahmoud. 2014. Evaluation of static analysis tools for software security. In 2014 10th International Conference on Innovations in Information Technology (IIT’14). 93--98.

[40]

Yaqin Zhou and Asankhaya Sharma. 2017. Automated identification of security issues from commit messages and bug reports. In Proceedings of the 2017 11th Joint Meeting on Foundations of Software Engineering (ESEC/FSE’17). Association for Computing Machinery, New York, NY, 914--919.

Digital Library

[41]

Matthias Fey and Jan E. Lenssen. 2019. Fast graph representation learning with PyTorch geometric. In ICLR Workshop on Representation Learning on Graphs and Manifolds.

[42]

Diederik P. Kingma and Jimmy Ba. 2015. Adam: A method for stochastic optimization. In 3rd International Conference on Learning Representations (ICLR’15), Conference Track Proceedings, Yoshua Bengio and Yann LeCun (Eds.). http://arxiv.org/abs/1412.6980

[43]

Marcus Pendleton, Richard Garcia-Lebron, Jin-Hee Cho, and Shouhuai Xu. 2016. A survey on systems security metrics. ACM Computing Surveys 49, 4, Article 62 (Dec. 2016), 35 pages.

[44]

D. M. W. Powers. 2011. Evaluation: From precision, recall and F-measure to ROC, informedness, markedness & correlation. Journal of Machine Learning Technologies 2, 1 (2011), 37--63.

[45]

Petra Mutzel. 2019. Algorithmic data science (invited talk). In 36th International Symposium on Theoretical Aspects of Computer Science (STACS’19) (Leibniz International Proceedings in Informatics (LIPIcs)), Rolf Niedermeier and Christophe Paul (Eds.), Vol. 126. Schloss Dagstuhl--Leibniz-Zentrum fuer Informatik, Dagstuhl, Germany, 3:1--3:15.

[46]

Yves Younan, Wouter Joosen, and Frank Piessens. 2004. Code Injection in C and C++: A Survey of Vulnerabilities and Countermeasures. Technical Report. Departement Computerwetenschappen, Katholieke Universiteit Leuven.

[47]

2000. The UC Davis Reducing Software Security Risk through an Integrated Approach Project. Computer Security Laboratory, Department of Computer Science, University of California at Davis. http://seclab.cs.ucdavis.edu/projects/testing/.

[48]

Josh Berdine, Cristiano Calcagno, and Peter W. O’Hearn. 2006. Smallfoot: Modular automatic assertion checking with separation logic. In Formal Methods for Components and Objects, Frank S. de Boer, Marcello M. Bonsangue, Susanne Graf, and Willem-Paul de Roever (Eds.). Springer, Berlin,115--137.

[49]

Cristiano Calcagno, Dino Distefano, Peter O’Hearn, and Hongseok Yang. 2009. Compositional shape analysis by means of bi-abduction. In Proceedings of the 36th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL’09). ACM, New York, NY, 289--300.

Digital Library

[50]

Fabian Yamaguchi, Christian Wressnegger, Hugo Gascon, and Konrad Rieck. 2013. Chucky: Exposing missing checks in source code for vulnerability discovery. In Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security (CCS’13). ACM, New York, NY, 499--510.

Digital Library

[51]

F. Yamaguchi, A. Maier, H. Gascon, and K. Rieck. 2015. Automatic inference of search patterns for taint-style vulnerabilities. In 2015 IEEE Symposium on Security and Privacy (SP'15). 797--812.

Digital Library

[52]

M. Backes, B. Köpf, and A. Rybalchenko. 2009. Automatic discovery and quantification of information leaks. In 2009 IEEE Symposium on Security and Privacy (SP'09). 141--153.

Digital Library

[53]

J. Jang, A. Agrawal, and D. Brumley. 2012. ReDeBug: Finding unpatched code clones in entire OS distributions. In 2012 IEEE Symposium on Security and Privacy (SP'12). 48--62.

Digital Library

[54]

S. Kim, S. Woo, H. Lee, and H. Oh. 2017. VUDDY: A scalable approach for vulnerable code clone discovery. In 2017 IEEE Symposium on Security and Privacy (SP’17). 595--614.

[55]

Nam H. Pham, Tung Thanh Nguyen, Hoan Anh Nguyen, and Tien N. Nguyen. 2010. Detection of recurring software vulnerabilities. In Proceedings of the IEEE/ACM International Conference on Automated Software Engineering (ASE’10). ACM, New York, NY, 447--456.

[56]

Michael Pradel and Koushik Sen. 2018. DeepBugs: A learning approach to name-based bug detection. Proceedings of the ACM on Programming Languages 2, OOPSLA, Article 147 (Oct. 2018), 25 pages.

Digital Library

[57]

Hua Yan, Yulei Sui, Shiping Chen, and Jingling Xue. 2017. Machine-learning-guided typestate analysis for static use-after-free detection. In Proceedings of the 33rd Annual Computer Security Applications Conference (ACSAC'17). ACM, 42--54.

Digital Library

[58]

J. Howard Johnson. 1993. Identifying redundancy in source code using fingerprints. In Proceedings of the 1993 Conference of the Centre for Advanced Studies on Collaborative Research: Software Engineering - Volume 1 (CASCON’93). IBM Press, 171--183. http://dl.acm.org/citation.cfm?id=962289.962305

Digital Library

[59]

J. Howard Johnson. 1994. Substring matching for clone detection and change tracking. In Proceedings 1994 International Conference on Software Maintenance. 120--126.

[60]

J. Howard Johnson. 1994. Visualizing textual redundancy in legacy source. In Proceedings of the 1994 Conference of the Centre for Advanced Studies on Collaborative Research (CASCON’94). IBM Press, 32--. http://dl.acm.org/citation.cfm?id=782185.782217

Digital Library

[61]

C. K. Roy and J. R. Cordy. 2008. NICAD: Accurate detection of near-miss intentional clones using flexible pretty-printing and code normalization. In 2008 16th IEEE International Conference on Program Comprehension (ICPC'08). 172--181.

Digital Library

[62]

T. Kamiya, S. Kusumoto, and K. Inoue. 2002. CCFinder: A multilinguistic token-based code clone detection system for large scale source code. IEEE Transactions on Software Engineering 28, 7 (2002), 654--670.

Digital Library

[63]

Z. Li, S. Lu, S. Myagmar, and Y. Zhou. 2006. CP-miner: Finding copy-paste and related bugs in large-scale software code. IEEE Transactions on Software Engineering 32, 3 (March 2006), 176--192.

Digital Library

[64]

H. Sajnani and C. Lopes. 2013. A parallel and efficient approach to large scale clone detection. In 2013 7th International Workshop on Software Clones (IWSC’13). 46--52.

[65]

Hitesh Sajnani, Vaibhav Saini, Jeffrey Svajlenko, Chanchal K. Roy, and Cristina V. Lopes. 2016. SourcererCC: Scaling code clone detection to big-code. In Proceedings of the 38th International Conference on Software Engineering (ICSE’16). ACM, New York, NY, 1157--1168.

[66]

Jian Zhang, Xu Wang, Hongyu Zhang, Hailong Sun, Kaixuan Wang, and Xudong Liu. 2019. A novel neural source code representation based on abstract syntax tree. In Proceedings of the 41st International Conference on Software Engineering (ICSE’19). IEEE Press, Piscataway, NJ, 783--794.

Digital Library

[67]

Song Wang, Taiyue Liu, and Lin Tan. 2016. Automatically learning semantic features for defect prediction. In Proceedings of the 38th International Conference on Software Engineering (ICSE’16). ACM, New York, NY, 297--308.

Digital Library

[68]

Uri Alon, Meital Zilberstein, Omer Levy, and Eran Yahav. 2019. Code2Vec: Learning distributed representations of code. Proceedings of the ACM on Programming Languages 3, POPL, Article 40 (Jan. 2019), 29 pages.

Digital Library

[69]

Kai Chen, Peng Liu, and Yingjun Zhang. 2014. Achieving accuracy and scalability simultaneously in detecting application clones on Android markets. In Proceedings of the 36th International Conference on Software Engineering (ICSE’14). ACM, New York, NY, 175--186.

Digital Library

[70]

Mark Gabel, Lingxiao Jiang, and Zhendong Su. 2008. Scalable detection of semantic clones. In Proceedings of the 30th International Conference on Software Engineering (ICSE’08). ACM, New York, NY, 321--330.

Digital Library

[71]

Raghavan Komondoor and Susan Horwitz. 2001. Using slicing to identify duplication in source code. In Static Analysis, Patrick Cousot (Ed.). Springer, Berlin, 40--56.

[72]

Jens Krinke. 2001. Identifying similar code with program dependence graphs. In Proceedings of the 8th Working Conference on Reverse Engineering (WCRE’01). IEEE Computer Society, Washington, DC, 301--. http://dl.acm.org/citation.cfm?id=832308.837142

[73]

Chao Liu, Fen Chen, Jiawei Han, and Philip Yu. 2006. GPLAG: Detection of software plagiarism by program dependence graph analysis. In Proceedings of the 12th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining (KDD'06). 872--881.

Digital Library

[74]

Yulei Sui, Xiao Cheng, Guanqin Zhang, and Haoyu Wang. 2020. Flow2Vec: Value-flow-based precise code embedding. Proceedings of the ACM on Programming Languages 4, OOPSLA, Article 233 (Nov. 2020), 27 pages.

Digital Library

[75]

Martin White, Michele Tufano, Christopher Vendome, and Denys Poshyvanyk. 2016. Deep learning code fragments for code clone detection. In Proceedings of the 31st IEEE/ACM International Conference on Automated Software Engineering (ASE’16). ACM, New York, NY, 87--98.

Digital Library

Cited By

Zhang YHu YChen X(2024)Context and Multi-Features-Based Vulnerability Detection: A Vulnerability Detection Frame Based on Context Slicing and Multi-FeaturesSensors10.3390/s2405135124:5(1351)Online publication date: 20-Feb-2024
https://doi.org/10.3390/s24051351
Jones ROmar M(2024)Codeguard: Utilizing Advanced Pattern Recognition in Language Models for Software Vulnerability AnalysisLand Forces Academy Review10.2478/raft-2024-001129:1(108-118)Online publication date: 28-Feb-2024
https://doi.org/10.2478/raft-2024-0011
Jones AOmar M(2024)Codesentry: Revolutionizing Real-Time Software Vulnerability Detection With Optimized GPT FrameworkLand Forces Academy Review10.2478/raft-2024-001029:1(98-107)Online publication date: 28-Feb-2024
https://doi.org/10.2478/raft-2024-0010
Show More Cited By

Index Terms

DeepWukong: Statically Detecting Software Vulnerabilities Using Deep Graph Neural Network

Recommendations

MVD: memory-related vulnerability detection based on flow-sensitive graph neural networks
ICSE '22: Proceedings of the 44th International Conference on Software Engineering

Memory-related vulnerabilities constitute severe threats to the security of modern software. Despite the success of deep learning-based approaches to generic vulnerability detection, they are still limited by the underutilization of flow information when ...
Interpreting Deep Learning-based Vulnerability Detector Predictions Based on Heuristic Searching
Continuous Special Section: AI and SE

Detecting software vulnerabilities is an important problem and a recent development in tackling the problem is the use of deep learning models to detect software vulnerabilities. While effective, it is hard to explain why a deep learning model predicts ...
Software Vulnerability Analysis and Discovery Using Machine-Learning and Data-Mining Techniques: A Survey

Software security vulnerabilities are one of the critical issues in the realm of computer security. Due to their potential high severity impacts, many different approaches have been proposed in the past decades to mitigate the damages of software ...

Comments

Information & Contributors

Information

Published In

cover image ACM Transactions on Software Engineering and Methodology

ACM Transactions on Software Engineering and Methodology Volume 30, Issue 3

Continuous Special Section: AI and SE

July 2021

600 pages

ISSN:1049-331X

EISSN:1557-7392

DOI:10.1145/3450566

Editor:
Mauro Pezzè
Università della Svizzera italiana and Università di Milano-Bicocca, Switzerland

Issue’s Table of Contents

Copyright © 2021 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 23 April 2021

Accepted: 01 November 2020

Revised: 01 November 2020

Received: 01 January 2020

Published in TOSEM Volume 30, Issue 3

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed

Funding Sources

Australian Research
National Key Research and Development Program of China
National Natural Science Foundation of China

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

120
Total Citations
View Citations
2,372
Total Downloads

Downloads (Last 12 months)739
Downloads (Last 6 weeks)67

Reflects downloads up to

Other Metrics

View Author Metrics

Citations

Cited By

Zhang YHu YChen X(2024)Context and Multi-Features-Based Vulnerability Detection: A Vulnerability Detection Frame Based on Context Slicing and Multi-FeaturesSensors10.3390/s2405135124:5(1351)Online publication date: 20-Feb-2024
https://doi.org/10.3390/s24051351
Jones ROmar M(2024)Codeguard: Utilizing Advanced Pattern Recognition in Language Models for Software Vulnerability AnalysisLand Forces Academy Review10.2478/raft-2024-001129:1(108-118)Online publication date: 28-Feb-2024
https://doi.org/10.2478/raft-2024-0011
Jones AOmar M(2024)Codesentry: Revolutionizing Real-Time Software Vulnerability Detection With Optimized GPT FrameworkLand Forces Academy Review10.2478/raft-2024-001029:1(98-107)Online publication date: 28-Feb-2024
https://doi.org/10.2478/raft-2024-0010
Basharat MOmar M(2024)SecuGuard: Leveraging pattern-exploiting training in language models for advanced software vulnerability detectionInternational Journal of Mathematics and Computer in Engineering10.2478/ijmce-2025-0005Online publication date: 2-Jun-2024
https://doi.org/10.2478/ijmce-2025-0005
Zhang TXu RZhang JLiu YChen XYin JZheng X(2024)DSHGT : Dual-Supervisors Heterogeneous Graph Transformer - A pioneer study of using heterogeneous graph learning for detecting software vulnerabilitiesACM Transactions on Software Engineering and Methodology10.1145/3674729Online publication date: 28-Jun-2024
https://dl.acm.org/doi/10.1145/3674729
Jiang ZSun WGu XWu JWen THu HYan M(2024)DFEPT: Data Flow Embedding for Enhancing Pre-Trained Model Based Vulnerability DetectionProceedings of the 15th Asia-Pacific Symposium on Internetware10.1145/3671016.3671388(95-104)Online publication date: 24-Jul-2024
https://dl.acm.org/doi/10.1145/3671016.3671388
Becker GEisenbarth TFederrath HFischer MLoose NOtt SPecholt JMarwedel SMeyer DStijohann JTalpur AVallentin M(2024)SOVEREIGN - Towards a Holistic Approach to Critical Infrastructure ProtectionProceedings of the 19th International Conference on Availability, Reliability and Security10.1145/3664476.3671410(1-9)Online publication date: 30-Jul-2024
https://dl.acm.org/doi/10.1145/3664476.3671410
Ren JSui YCheng XFeng YZhao J(2024)Dynamic Transitive Closure-based Static Analysis through the Lens of Quantum SearchACM Transactions on Software Engineering and Methodology10.1145/364438933:5(1-29)Online publication date: 4-Jun-2024
https://dl.acm.org/doi/10.1145/3644389
Cheng XRen JSui Y(2024)Fast Graph Simplification for Path-Sensitive Typestate Analysis through Tempo-Spatial Multi-Point SlicingProceedings of the ACM on Software Engineering10.1145/36437491:FSE(494-516)Online publication date: 12-Jul-2024
https://dl.acm.org/doi/10.1145/3643749
Cheng BZhao SWang KWang MBai GFeng RGuo YMa LWang H(2024)Beyond Fidelity: Explaining Vulnerability Localization of Learning-Based DetectorsACM Transactions on Software Engineering and Methodology10.1145/364154333:5(1-33)Online publication date: 4-Jun-2024
https://dl.acm.org/doi/10.1145/3641543
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

HTML Format

View this article in HTML Format.

Media

Figures

Other

Tables

View Issue’s Table of Contents