Data Quality for Software Vulnerability Datasets

Croft, Roland; Babar, M. Ali; Kholoosi, M. Mehdi

doi:10.1109/icse48619.2023.00022

Cited by 48 publications

(2 citation statements)

References 57 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Our experiments are summarised by Table 2 8 . We address the research questions outlined in Section 4C as follows:…”

Section: Results and Evaluationmentioning

confidence: 99%

See 1 more Smart Citation

Software Vulnerability Detection Using Informed Code Graph Pruning

Gear,

Xu,

Foo

et al. 2023

IEEE Access

View full text Add to dashboard Cite

Security vulnerabilities in source code are a growing problem which can lead to financial, reputation, physical, and even human damage when exploited by malicious actors. The use of deep learning to locate these vulnerabilities before they are deployed is currently a major area of security research. Code graphs such as Abstract Syntax Trees and Code Property Graphs are commonly used as input data to deep learning models as they are highly expressive of the code's function. However, as the length of source code increases, so too does the computational cost of vulnerability detection models. Typically this cost is managed by using only a sample of the input graph, however this is often done randomly and with little consideration for the lost information. Little work has been done to explore informed heuristic-based pruning methods that can be used to reduce graph size to manageable levels by removing information irrelevant to vulnerabilities, while preserving relevant information. We present ''Semantic-enhanced Code Embedding for Vulnerability Detection'' (SCEVD), a deep learning model for vulnerability detection that seeks to fill these gaps by using more detailed information about code semantics to select vulnerability-relevant features from code graphs. We propose several heuristic-based pruning methods, implement them as part of SCEVD, and conduct experiments to verify their effectiveness. Our heuristic-based pruning improves on vulnerability detection results by up to 12% over the baseline pruning method.

show abstract

“…Our experiments are summarised by Table 2 8 . We address the research questions outlined in Section 4C as follows:…”

Section: Results and Evaluationmentioning

confidence: 99%

“…Big-Vul is a very large dataset of real C/C++ code, however Croft et al [8] find that its accuracy over a sample they examined was only 54.3%. We found it had issues with completeness when we attempted to produce code graphs for its entries, as C/C++ cannot be completely parsed without full context which Big-Vul does not provide.…”

Section: Limitationsmentioning

confidence: 99%