An Unbiased Transformer Source Code Learning with Semantic Vulnerability Graph

by   Nafis Tanveer Islam, et al.

Over the years, open-source software systems have become prey to threat actors. Even as open-source communities act quickly to patch the breach, code vulnerability screening should be an integral part of agile software development from the beginning. Unfortunately, current vulnerability screening techniques are ineffective at identifying novel vulnerabilities or providing developers with code vulnerability and classification. Furthermore, the datasets used for vulnerability learning often exhibit distribution shifts from the real-world testing distribution due to novel attack strategies deployed by adversaries and as a result, the machine learning model's performance may be hindered or biased. To address these issues, we propose a joint interpolated multitasked unbiased vulnerability classifier comprising a transformer "RoBERTa" and graph convolution neural network (GCN). We present a training process utilizing a semantic vulnerability graph (SVG) representation from source code, created by integrating edges from a sequential flow, control flow, and data flow, as well as a novel flow dubbed Poacher Flow (PF). Poacher flow edges reduce the gap between dynamic and static program analysis and handle complex long-range dependencies. Moreover, our approach reduces biases of classifiers regarding unbalanced datasets by integrating Focal Loss objective function along with SVG. Remarkably, experimental results show that our classifier outperforms state-of-the-art results on vulnerability detection with fewer false negatives and false positives. After testing our model across multiple datasets, it shows an improvement of at least 2.41 best-case scenario. Evaluations using N-day program samples demonstrate that our proposed approach achieves a 93 zero-day vulnerabilities from popular GitHub repositories.


page 1

page 11


VMCDL: Vulnerability Mining Based on Cascaded Deep Learning Under Source Control Flow

With the rapid development of the computer industry and computer softwar...

LineVD: Statement-level Vulnerability Detection using Graph Neural Networks

Current machine-learning based software vulnerability detection methods ...

Automated Vulnerability Detection in Source Code Using Deep Representation Learning

Increasing numbers of software vulnerabilities are discovered every year...

AutoPruner: Transformer-Based Call Graph Pruning

Constructing a static call graph requires trade-offs between soundness a...

Sequential Graph Neural Networks for Source Code Vulnerability Identification

Vulnerability identification constitutes a task of high importance for c...

DeepVulSeeker: A Novel Vulnerability Identification Framework via Code Graph Structure and Pre-training Mechanism

Software vulnerabilities can pose severe harms to a computing system. Th...

Localizing Patch Points From One Exploit

Automatic patch generation can significantly reduce the window of exposu...

Please sign up or login with your details

Forgot password? Click here to reset