3.8 Proceedings Paper

AVDHRAM: Automated Vulnerability Detection based on Hierarchical Representation and Attention Mechanism

出版社

IEEE COMPUTER SOC
DOI: 10.1109/ISPA-BDCloud-SocialCom-SustainCom51426.2020.00068

关键词

vulnerability detection; program slicing; deep learning; HAN; visualization

资金

  1. National Natural Science Foundation of China [61602469]
  2. Fundamental theory and cutting edge technology Research Program of Institute of Information Engineering, CAS [Y7Z0411105]

向作者/读者索取更多资源

Vulnerability detection is imperative to protect software systems from cyber attacks. However, existing methods either rely on experts to directly define vulnerability patterns or define vulnerability features and then use machine learning methods to generate vulnerability patterns automatically. It is not only a laborious task but will miss many vulnerabilities and incur a high false-positive rate. Besides, a large number of resources are required to audit the precise location of the vulnerability. To solve the problems, we propose AVDHRAM, a systematic Automated Vulnerability Detection framework based on Hierarchical Representation and Attention Mechanism. We use a deep learning network, Hierarchical Attention Network(HAN), to relieve human experts from the tedious task of manually defining features. The framework adds structural information in the process of source code representation using a finer granularity(slice), instead of function, file, or component. It can better represent vulnerabilities and learn more subtle vulnerability patterns to improve detection accuracy. Additionally, we use the attention mechanism to implement a convenient visualization tool, which can highlight the parts that have the most significant impact on the classification decision and speed up the process of vulnerability location analysis. Experimental results show that AVDHRAM outperforms the previous neural networks and other vulnerability detection methods in several metrics.

作者

我是这篇论文的作者
点击您的名字以认领此论文并将其添加到您的个人资料中。

评论

主要评分

3.8
评分不足

次要评分

新颖性
-
重要性
-
科学严谨性
-
评价这篇论文

推荐

暂无数据
暂无数据