An Investigation of Quality Issues in Vulnerability Detection Datasets

2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW) Pub Date : 2023-07-01 DOI:10.1109/EuroSPW59978.2023.00008

Yuejun Guo, Seifeddine Bettaieb

{"title":"An Investigation of Quality Issues in Vulnerability Detection Datasets","authors":"Yuejun Guo, Seifeddine Bettaieb","doi":"10.1109/EuroSPW59978.2023.00008","DOIUrl":null,"url":null,"abstract":"Vulnerability detection is a crucial yet challenging task in ensuring software security, and deep learning (DL) has made significant progress in automating this process. However, a DL model requires a massive amount of labeled data (vulnerable and secure source code) to effectively distinguish between the two. Many datasets have been created for this purpose but they suffer from several issues that can lead to low detection accuracy of DL models. In this paper, we define three critical issues (data imbalance, low vulnerability coverage, and biased vulnerability distribution) and three secondary issues (errors in source code, mislabeling, and noisy historical data) that can affect the model performance. We also conduct a study of 14 papers along with 54 datasets for vulnerability detection to confirm these defined issues. Furthermore, we discuss good practices for using existing datasets and creating new ones to improve the quality of data available for automated vulnerability detection. This paper aims to raise awareness of the importance of data quality in vulnerability detection and provide proper guidelines for researchers and practitioners working in this area.","PeriodicalId":220415,"journal":{"name":"2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)","volume":"5 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2023-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/EuroSPW59978.2023.00008","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

Vulnerability detection is a crucial yet challenging task in ensuring software security, and deep learning (DL) has made significant progress in automating this process. However, a DL model requires a massive amount of labeled data (vulnerable and secure source code) to effectively distinguish between the two. Many datasets have been created for this purpose but they suffer from several issues that can lead to low detection accuracy of DL models. In this paper, we define three critical issues (data imbalance, low vulnerability coverage, and biased vulnerability distribution) and three secondary issues (errors in source code, mislabeling, and noisy historical data) that can affect the model performance. We also conduct a study of 14 papers along with 54 datasets for vulnerability detection to confirm these defined issues. Furthermore, we discuss good practices for using existing datasets and creating new ones to improve the quality of data available for automated vulnerability detection. This paper aims to raise awareness of the importance of data quality in vulnerability detection and provide proper guidelines for researchers and practitioners working in this area.

查看原文本刊更多论文

漏洞检测数据集质量问题研究

漏洞检测是确保软件安全的一项至关重要但具有挑战性的任务，深度学习(DL)在自动化这一过程方面取得了重大进展。然而，深度学习模型需要大量的标记数据(易受攻击和安全的源代码)来有效地区分两者。为此目的创建了许多数据集，但它们存在几个问题，可能导致深度学习模型的检测精度较低。在本文中，我们定义了影响模型性能的三个关键问题(数据不平衡、低漏洞覆盖率和有偏差的漏洞分布)和三个次要问题(源代码错误、错误标记和嘈杂的历史数据)。我们还对14篇论文以及54个漏洞检测数据集进行了研究，以确认这些定义的问题。此外，我们讨论了使用现有数据集和创建新数据集的良好实践，以提高可用于自动漏洞检测的数据质量。本文旨在提高人们对数据质量在漏洞检测中的重要性的认识，并为这一领域的研究人员和从业人员提供适当的指导。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)

自引率

0.00%

发文量