VulDefend:一种基于模式挖掘训练的语言模型软件漏洞检测新技术

2023 IEEE Jordan International Joint Conference on Electrical Engineering and Information Technology (JEEIT) Pub Date : 2023-05-22 DOI:10.1109/JEEIT58638.2023.10185860

Marwan Omar

{"title":"VulDefend:一种基于模式挖掘训练的语言模型软件漏洞检测新技术","authors":"Marwan Omar","doi":"10.1109/JEEIT58638.2023.10185860","DOIUrl":null,"url":null,"abstract":"The detection of vulnerabilities in source code is a critical task in software assurance. In this work, we propose a semi-supervised learning approach that leverages pattern-exploiting training and cloze-style questions. Our approach involves training a language model on the SARD and Devign datasets of code snippets with vulnerabilities, where the input is generated by masking parts of the code and asking the model to predict the masked tokens. Experimental results demonstrate that our approach can effectively detect vulnerabilities in source code, while leveraging the pattern information learned from the code snippets. This work highlights the feasibility of using pattern-exploiting training and cloze-style questions for improved performance in the detection of vulnerabilities in source code.","PeriodicalId":177556,"journal":{"name":"2023 IEEE Jordan International Joint Conference on Electrical Engineering and Information Technology (JEEIT)","volume":"7 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2023-05-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"VulDefend: A Novel Technique based on Pattern-exploiting Training for Detecting Software Vulnerabilities Using Language Models\",\"authors\":\"Marwan Omar\",\"doi\":\"10.1109/JEEIT58638.2023.10185860\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The detection of vulnerabilities in source code is a critical task in software assurance. In this work, we propose a semi-supervised learning approach that leverages pattern-exploiting training and cloze-style questions. Our approach involves training a language model on the SARD and Devign datasets of code snippets with vulnerabilities, where the input is generated by masking parts of the code and asking the model to predict the masked tokens. Experimental results demonstrate that our approach can effectively detect vulnerabilities in source code, while leveraging the pattern information learned from the code snippets. This work highlights the feasibility of using pattern-exploiting training and cloze-style questions for improved performance in the detection of vulnerabilities in source code.\",\"PeriodicalId\":177556,\"journal\":{\"name\":\"2023 IEEE Jordan International Joint Conference on Electrical Engineering and Information Technology (JEEIT)\",\"volume\":\"7 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2023-05-22\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2023 IEEE Jordan International Joint Conference on Electrical Engineering and Information Technology (JEEIT)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/JEEIT58638.2023.10185860\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2023 IEEE Jordan International Joint Conference on Electrical Engineering and Information Technology (JEEIT)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/JEEIT58638.2023.10185860","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

摘要

源代码漏洞检测是软件安全保障中的一项关键任务。在这项工作中，我们提出了一种半监督学习方法，利用模式开发训练和完形式问题。我们的方法包括在带有漏洞的代码片段的SARD和design数据集上训练语言模型，其中输入是通过屏蔽部分代码生成的，并要求模型预测被屏蔽的令牌。实验结果表明，我们的方法可以有效地检测源代码中的漏洞，同时利用从代码片段中学习到的模式信息。这项工作强调了使用模式利用训练和封闭型问题来提高源代码漏洞检测性能的可行性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

VulDefend: A Novel Technique based on Pattern-exploiting Training for Detecting Software Vulnerabilities Using Language Models

The detection of vulnerabilities in source code is a critical task in software assurance. In this work, we propose a semi-supervised learning approach that leverages pattern-exploiting training and cloze-style questions. Our approach involves training a language model on the SARD and Devign datasets of code snippets with vulnerabilities, where the input is generated by masking parts of the code and asking the model to predict the masked tokens. Experimental results demonstrate that our approach can effectively detect vulnerabilities in source code, while leveraging the pattern information learned from the code snippets. This work highlights the feasibility of using pattern-exploiting training and cloze-style questions for improved performance in the detection of vulnerabilities in source code.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2023 IEEE Jordan International Joint Conference on Electrical Engineering and Information Technology (JEEIT)

自引率

0.00%

发文量