Vulnerability detection is an important issue in software security. Although various data-driven vulnerability detection methods have been proposed, the task remains challenging since the diversity and complexity of real-world vulnerable code in syntax and semantics make it difficult to extract vulnerable features with regular deep learning models, especially in analyzing a large program. Moreover, the fact that real-world vulnerable code contains a lot of redundant information unrelated to vulnerabilities will further aggravate the above problem. To mitigate such challenges, we define a novel code representation named Slice Property Graph (SPG), and then propose VulSPG, a new vulnerability detection approach using the improved R-GCN model with a triple attention mechanism to identify potential vulnerabilities in SPG. Our approach has at least two advantages over other methods. First, our proposed SPG can reflect the rich semantics and explicit structural information that may be relevant to vulnerabilities, while eliminating as much irrelevant information as possible to reduce the complexity of the graph. Second, VulSPG incorporates a triple attention mechanism in R-GCNs to achieve more effective learning of vulnerability patterns from SPG. We have extensively evaluated VulSPG on two large-scale datasets with programs from SARD and real-world projects. Experimental results prove the effectiveness and efficiency of VulSPG.
Due to the centralization of communication in the management of data generated by diverse Internet of Things (IoT) devices, there is a lack of reliability when data is being transferred and stored. Among errors caused by various behaviors, the Silent Data Corruption (SDC) error, owing to stealthy destruction without an error prompt, is one of the most difficult data consistency problems in the storage system, whether it is a traditional multi-control, distributed storage, or public cloud storage. Nowadays, for SDC error detection, extracting instruction features to analyze vulnerabilities of programs or instructions has still not been fully explored. The literature generally just counts the number of possible features, without mining the inter-characteristics of the instructions and the correlation between them. Thus, we propose a method of SDC-causing Error Detection based on Support Vector Regression (SED-SVR) for fully exploiting the correlation between data features. Specifically, firstly, we extract instruction features based on the SDC vulnerability of program instructions by analyzing results of fault injections. Secondly, we establish the instruction SDC vulnerability prediction model based on SVR and propose our SED-SVR model. Thirdly, according to the predicted values of SDC vulnerability, we develop some solutions for fault tolerance of target programs by different granularity of instruction redundancy. The experimental results show that our SED-SVR has a higher fault detection rate with lower performance overhead.