{"title":"Improve vulnerability prediction performance using self-attention mechanism and convolutional neural network","authors":"Bingjie Duan, Xu Zhou, Xugang Wu","doi":"10.1117/12.2639144","DOIUrl":null,"url":null,"abstract":"With the vigorous development of the Internet, the number of commonly used software has also increased rapidly. The security and reliability of software have become important challenges that researchers must deal with. Fuzzing is a way of detecting vulnerabilities by providing unintended inputs to the target software and observing the final running results. During these years, fuzzing has proven its effectiveness in software security testing. But a large number of fuzzing tools rely solely on runtime information while testing software. Achieving static vulnerability prediction for programs in advance can greatly improve the efficiency of fuzzing. Vulnerability prediction aims to obtain the possibility of vulnerabilities in different parts of the program. The existing vulnerability prediction methods are relatively simple for feature extraction between basic blocks. We design a novel model combining self-attention mechanism and convolutional neural networks, which can extract and integrate the internal information of functions. 
Compared with the state-of-the-art V-Fuzz, our recall can be improved by 9.7 percentage points, and the accuracies of K-100~K-1000 can be higher than 90%.","PeriodicalId":336892,"journal":{"name":"Neural Networks, Information and Communication Engineering","volume":"44 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-06-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Neural Networks, Information and Communication Engineering","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1117/12.2639144","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 0