A Novel Deep Multi-head Attentive Vulnerable Line Detector

Bibliographic Details
Published in: Procedia computer science 2023, Vol.222, p.35-44
Main Authors: Li, Miles Q., Fung, Benjamin C.M., Diwan, Ashita
Format: Article
Language: English
Description
Summary: Detecting and fixing vulnerabilities in software programs before production is crucial in software engineering. Manual vulnerability detection is labor-intensive, especially for large programs, leading to the proposal of machine learning-based methods for automation. However, existing approaches primarily detect vulnerabilities at the function level, providing non-specific results that require additional developer effort to locate vulnerabilities. Detection at the line-of-code level is an underexplored area. In this paper, we propose a novel deep learning method for line-of-code vulnerability detection. Our hybrid neural network combines a memory network and multi-head attention mechanism. Through comprehensive experiments, we analyze the impact of each modification, demonstrating significant improvements in performance. Our approach outperforms existing methods for comparison, showcasing its effectiveness in vulnerability detection.
ISSN: 1877-0509
DOI: 10.1016/j.procs.2023.08.142