Please use this identifier to cite or link to this item: https://dspace.ctu.edu.vn/jspui/handle/123456789/117420
Title: Just-in-time vulnerability detection and localization
Author: Vo, Hieu Dinh
Keywords: Just-in-time vulnerability detection
Just-in-time vulnerability localization
Vulnerable commit
Vulnerable statement
Year of publication: 2024
Series/Report no.: Tạp chí Tin học và Điều khiển học (Journal of Computer Science and Cybernetics); Vol.40, No.01 .- P.79-101
Abstract: Software vulnerabilities have increased dramatically, and multiple severe attacks have occurred in recent years. This poses a critical challenge for early detection and prevention of vulnerabilities in Software Quality Assurance. This paper introduces a novel framework, JULY, which serves the dual purpose of detecting vulnerable commits and localizing the root causes of the vulnerabilities. The fundamental concept of JULY is that the determinant of the vulnerability of a commit is the inherent meaning embedded in its changed code. For just-in-time vulnerability detection (JIT-VD), JULY represents each commit by a Code Transformation Graph and employs a Graph Neural Network model to capture their meanings and distinguish between vulnerable and non-vulnerable commits. Once a commit is detected as vulnerable, it is passed to the just-in-time vulnerability localization (JIT-VL) model to localize the root causes, which are vulnerable changed statements. In JIT-VL, JULY encodes each statement by the following features: operation, context, and topic. Then, JULY measures the suspiciousness score of each changed statement and ranks them based on their scores. To evaluate the effectiveness of JULY, we conducted several experiments using a dataset consisting of 20,274 commits in 506 C/C++ projects. JULY achieves a remarkable improvement of 95% in Top-1 ACC and 63% in MRR compared to the state-of-the-art approaches. Furthermore, when examining the same portion (i.e., 20%) of modified statements in each commit, JULY can find twice as many vulnerable statements within a given commit as the state-of-the-art approaches.
Identifier: https://dspace.ctu.edu.vn/jspui/handle/123456789/117420
ISSN: 1813-9663
Collection: Tin học và Điều khiển học (Journal of Computer Science and Cybernetics)

Files in this item:
File: _file_ (restricted access); Size: 1.62 MB; Format: Adobe PDF


Use of materials in the Digital Library must comply with copyright law.