mVulPreter: A Multi-Granularity Vulnerability Detection System With Interpretations

Bibliographic Details
Published in: IEEE Transactions on Dependable and Secure Computing, 2024, p. 1-12
Main Authors: Zou, Deqing; Hu, Yutao; Li, Wenke; Wu, Yueming; Zhao, Haojun; Jin, Hai
Format: Article
Language: English
Description
Summary: Due to the powerful automatic feature extraction, deep learning-based vulnerability detection methods have evolved significantly in recent years. However, almost all current work focuses on detecting vulnerabilities at a single granularity (i.e., slice-level or function-level). In practice, slice-level vulnerability detection is fine-grained but may contain incomplete vulnerability details. Function-level vulnerability detection includes full vulnerability semantics but may contain vulnerability-unrelated statements. Meanwhile, they pay more attention to predicting whether the source code is vulnerable and cannot pinpoint which statements are more likely to be vulnerable. In this paper, we design mVulPreter, a multi-granularity vulnerability detector that can provide interpretations of detection results. Specifically, we propose a novel technique to effectively blend the advantages of function-level and slice-level vulnerability detection models and output the detection results' interpretation only by the model itself. We evaluate mVulPreter on a dataset containing 5,310 vulnerable functions and 7,601 non-vulnerable functions. The experimental results indicate that mVulPreter outperforms existing state-of-the-art vulnerability detection approaches (i.e., Checkmarx, FlawFinder, RATS, TokenCNN, StatementLSTM, SySeVR, and Devign).
ISSN: 1545-5971, 1941-0018
DOI: 10.1109/TDSC.2022.3199769