Improve vulnerability prediction performance using self-attention mechanism and convolutional neural network

Bingjie Duan, Xu Zhou, Xugang Wu

Journal: Neural Networks, Information and Communication Engineering
Publication date: 2022-06-30
Publication type: Journal Article
DOI: 10.1117/12.2639144 (https://doi.org/10.1117/12.2639144)
Citations: 0

Abstract

With the vigorous development of the Internet, the amount of commonly used software has also increased rapidly. The security and reliability of software have become important challenges that researchers must deal with. Fuzzing is a way of detecting vulnerabilities by providing unintended inputs to the target software and observing the final running results. In recent years, fuzzing has proven its effectiveness in software security testing. However, a large number of fuzzing tools rely solely on runtime information while testing software. Achieving static vulnerability prediction for programs in advance can greatly improve the efficiency of fuzzing. Vulnerability prediction aims to estimate the likelihood of vulnerabilities in different parts of the program. Existing vulnerability prediction methods use relatively simple feature extraction between basic blocks. We design a novel model combining a self-attention mechanism and convolutional neural networks, which can extract and integrate the internal information of functions. Compared with the state-of-the-art V-Fuzz, our recall can be improved by 9.7 percentage points, and the accuracies of K-100~K-1000 can be higher than 90%.