Litcius/Paper detail

VGX: Large-Scale Sample Generation for Boosting Learning-Based Software Vulnerability Analyses

Yu Nong, Richard Fang, Guangbei Yi, Kunsong Zhao, Xiapu Luo, Feng Chen, Haipeng Cai

202424 citationsDOIOpen Access PDF

Abstract

Accompanying the successes of learning-based defensive software vulnerability analyses is the lack of large and quality sets of labeled vulnerable program samples, which impedes further advancement of those defenses. Existing automated sample generation approaches have shown potentials yet still fall short of practical expectations due to the high noise in the generated samples. This paper proposes VGX, a new technique aimed for large-scale generation of high-quality vulnerability datasets. Given a normal program, VGX identifies the code contexts in which vulnerabilities can be injected, using a customized Transformer featured with a new value-flow-based position encoding and pre-trained against new objectives particularly for learning code structure and context. Then, VGX materializes vulnerability-injection code editing in the identified contexts using patterns of such edits obtained from both historical fixes and human knowledge about real-world vulnerabilities.

Topics & Concepts

Computer scienceSoftwareVulnerability (computing)TransformerSample (material)Artificial intelligenceMachine learningContext (archaeology)Code (set theory)Vulnerability assessmentBoosting (machine learning)Data miningComputer securityEngineeringGeographyChemistryProgramming languagePsychologyChromatographyElectrical engineeringSet (abstract data type)PsychotherapistArchaeologyVoltagePsychological resilienceSoftware Engineering ResearchAdvanced Malware Detection TechniquesWeb Application Security Vulnerabilities
VGX: Large-Scale Sample Generation for Boosting Learning-Based Software Vulnerability Analyses | Litcius