Cross Domain on Snippets: BiLSTM-TextCNN based Vulnerability Detection with Domain Adaptation.


Cited 0|Views11
No score
Due to the ubiquity of computer software, software vulnerability detection(SVD) problem is essential to protect cyber system from attacks. Recently, deep learning-based vulnerability detection has achieved outstanding performance, relieving experts from tedious task of manually defining vulnerability features as well. However, its detection capability is compromised when facing with the scarcity of labeled data. One possible solution is to leverage training data with adequate labels from other domains, but the data distributions in different domains differ significantly. On the other hand, function level detection is too coarse-grained and not able to capture inter-procedure vulnerability patterns. In this paper, we propose a systematic Snippet-Oriented Cross-Domain Vulnerability Detection Framework with Domain Adaptation, which is the first time to detect cross-project vulnerabilities at a finer granularity than function. Firstly, we generate Code Snippets from 5 real-world projects and 3 types of CWE in NVD and SARD for cross-project and cross-type detection; Secondly, we propose an novel and effective approach to obtain deep features for domain adaptation; Finally, we employ the domain adaptation algorithm on these deep features to reduce the divergence between different domains and get the final result. Experimental results show that our framework outperforms other state-of-the-art approaches.
Translated text
Key words
vulnerability detection,Cross-Domain,code snippet,domain adaptation,deep learning
AI Read Science
Must-Reading Tree
Generate MRT to find the research sequence of this paper
Chat Paper
Summary is being generated by the instructions you defined