{"title":"自动生成受控补丁,加强对通信软件漏洞的修复","authors":"Shuo Feng;Shuai Yuan;Zhitao Guan;Xiaojiang Du","doi":"10.23919/ICN.2024.0016","DOIUrl":null,"url":null,"abstract":"Software is a crucial component in the communication systems, and its security is of paramount importance. However, it is susceptible to different types of attacks due to potential vulnerabilities. Meanwhile, significant time and effort is required to fix such vulnerabilities. We propose an automated program repair method based on controlled text generation techniques. Specifically, we utilize a fine-tuned language model for patch generation and introduce a discriminator to evaluate the generation process, selecting results that contribute most to vulnerability fixes. Additionally, we perform static syntax analysis to expedite the patch verification process. The effectiveness of the proposed approach is validated using QuixBugs and Defects4J datasets, demonstrating significant improvements in generating correct patches compared to other existing methods.","PeriodicalId":100681,"journal":{"name":"Intelligent and Converged Networks","volume":"5 3","pages":"222-236"},"PeriodicalIF":0.0000,"publicationDate":"2024-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=10706762","citationCount":"0","resultStr":"{\"title\":\"Automated and Controlled Patch Generation for Enhanced Fixing of Communication Software Vulnerabilities\",\"authors\":\"Shuo Feng;Shuai Yuan;Zhitao Guan;Xiaojiang Du\",\"doi\":\"10.23919/ICN.2024.0016\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Software is a crucial component in the communication systems, and its security is of paramount importance. However, it is susceptible to different types of attacks due to potential vulnerabilities. Meanwhile, significant time and effort is required to fix such vulnerabilities. We propose an automated program repair method based on controlled text generation techniques. Specifically, we utilize a fine-tuned language model for patch generation and introduce a discriminator to evaluate the generation process, selecting results that contribute most to vulnerability fixes. Additionally, we perform static syntax analysis to expedite the patch verification process. The effectiveness of the proposed approach is validated using QuixBugs and Defects4J datasets, demonstrating significant improvements in generating correct patches compared to other existing methods.\",\"PeriodicalId\":100681,\"journal\":{\"name\":\"Intelligent and Converged Networks\",\"volume\":\"5 3\",\"pages\":\"222-236\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2024-09-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=10706762\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Intelligent and Converged Networks\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://ieeexplore.ieee.org/document/10706762/\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Intelligent and Converged Networks","FirstCategoryId":"1085","ListUrlMain":"https://ieeexplore.ieee.org/document/10706762/","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Automated and Controlled Patch Generation for Enhanced Fixing of Communication Software Vulnerabilities
Software is a crucial component in the communication systems, and its security is of paramount importance. However, it is susceptible to different types of attacks due to potential vulnerabilities. Meanwhile, significant time and effort is required to fix such vulnerabilities. We propose an automated program repair method based on controlled text generation techniques. Specifically, we utilize a fine-tuned language model for patch generation and introduce a discriminator to evaluate the generation process, selecting results that contribute most to vulnerability fixes. Additionally, we perform static syntax analysis to expedite the patch verification process. The effectiveness of the proposed approach is validated using QuixBugs and Defects4J datasets, demonstrating significant improvements in generating correct patches compared to other existing methods.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
