VELVET: a noVel Ensemble Learning approach to automatically locate VulnErable sTatements

“…To evaluate the effectiveness of COSTA, we adopt the most popular and largest vulnerability dataset, Big-Vul [16], which contains 15,478 vulnerable statements and 83,844 non-vulnerable statements. Our vulnerable/nonvulnerable statement classification results show that our context-based approach outperforms the state-of-the-art approaches [17,19,20] up to 96% in F1-Score and 167% in Accuracy. In addition, by ranking the statements according to their suspiciousness scores, COSTA improves these approaches from 30% to 100% in Top-1 Accuracy.…”

“…How accurate is COSTA in localizing vulnerable statements? How is it compared with the state-of-the-art approaches [17,19,20]?…”

“…For dependence context, COSTA conducts both backward and forward slicing in the Program Dependence Graph (PDG) to obtain statements impacting/being impacted by s via control and data dependencies. In this work, both the AST and the PDG are parsed by Joern [23] which is a popular source analysis tool widely used in software engineering research [10,11,13,17,20]. The surrounding context is approximated by k statements preceding and k statements succeeding s in the function.…”

“…In order to narrow down the search space, several recent studies [17][18][19][20] have focused on fine-grained, i.e., statement-level vulnerability detection. However, there are two main limitations in these approaches.…”

“…In addition, by ranking the statements according to their suspiciousness scores, COSTA improves these approaches from 30% to 100% in Top-1 Accuracy. In particular, the Top-1 Accuracy of COSTA is 42.15% while these figures of VELVET [20], LineVul [19],…”

Context-based Statement-level Vulnerability Localization

“…To evaluate the effectiveness of COSTA, we adopt the most popular and largest vulnerability dataset, Big-Vul [16], which contains 15,478 vulnerable statements and 83,844 non-vulnerable statements. Our vulnerable/nonvulnerable statement classification results show that our context-based approach outperforms the state-of-the-art approaches [17,19,20] up to 96% in F1-Score and 167% in Accuracy. In addition, by ranking the statements according to their suspiciousness scores, COSTA improves these approaches from 30% to 100% in Top-1 Accuracy.…”

“…How accurate is COSTA in localizing vulnerable statements? How is it compared with the state-of-the-art approaches [17,19,20]?…”

“…For dependence context, COSTA conducts both backward and forward slicing in the Program Dependence Graph (PDG) to obtain statements impacting/being impacted by s via control and data dependencies. In this work, both the AST and the PDG are parsed by Joern [23] which is a popular source analysis tool widely used in software engineering research [10,11,13,17,20]. The surrounding context is approximated by k statements preceding and k statements succeeding s in the function.…”

“…In order to narrow down the search space, several recent studies [17][18][19][20] have focused on fine-grained, i.e., statement-level vulnerability detection. However, there are two main limitations in these approaches.…”

“…In addition, by ranking the statements according to their suspiciousness scores, COSTA improves these approaches from 30% to 100% in Top-1 Accuracy. In particular, the Top-1 Accuracy of COSTA is 42.15% while these figures of VELVET [20], LineVul [19],…”

Context-based Statement-level Vulnerability Localization

Detecting Vulnerabilities via Explicitly Leveraging Vulnerability Features on Program Slices

Can an old fashioned feature extraction and a light-weight model improve vulnerability type identification performance?