{"title":"使用分层注意网络自动识别漏洞修复提交","authors":"Mingxin Sun, Wenjie Wang, Hantao Feng, Hongu Sun, Yuqing Zhang","doi":"10.4108/eai.13-7-2018.164552","DOIUrl":null,"url":null,"abstract":"The application of machine learning and deep learning in the field of vulnerability detection is a hot topic in security research, but currently it faces the problem of lack of dataset. Considering vulnerable code can be obtained from vulnerability fix commits, we propose an automatic vulnerability commit identification tool based on hierarchical attention network (HAN) to expand existing vulnerability dataset. HAN can model the input data at the word and sentence levels respectively and pay attention to the changes in the characteristics of different words in different categories, which improves the classification performance. Experimental results show that the accuracy and F1 of our model both achieve 92%. Through the vulnerability fix commit, researchers can quickly locate the vulnerable code. And extracting vulnerable code from open-source software can effectively expand the current dataset due to the enormous number of open-source software. Received on 14 April 2020; accepted on 05 May 2020; published on 12 May 2020","PeriodicalId":335727,"journal":{"name":"EAI Endorsed Trans. Security Safety","volume":"21 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-05-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":"{\"title\":\"Identify Vulnerability Fix Commits Automatically Using Hierarchical Attention Network\",\"authors\":\"Mingxin Sun, Wenjie Wang, Hantao Feng, Hongu Sun, Yuqing Zhang\",\"doi\":\"10.4108/eai.13-7-2018.164552\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The application of machine learning and deep learning in the field of vulnerability detection is a hot topic in security research, but currently it faces the problem of lack of dataset. Considering vulnerable code can be obtained from vulnerability fix commits, we propose an automatic vulnerability commit identification tool based on hierarchical attention network (HAN) to expand existing vulnerability dataset. HAN can model the input data at the word and sentence levels respectively and pay attention to the changes in the characteristics of different words in different categories, which improves the classification performance. Experimental results show that the accuracy and F1 of our model both achieve 92%. Through the vulnerability fix commit, researchers can quickly locate the vulnerable code. And extracting vulnerable code from open-source software can effectively expand the current dataset due to the enormous number of open-source software. Received on 14 April 2020; accepted on 05 May 2020; published on 12 May 2020\",\"PeriodicalId\":335727,\"journal\":{\"name\":\"EAI Endorsed Trans. Security Safety\",\"volume\":\"21 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2020-05-12\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"2\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"EAI Endorsed Trans. Security Safety\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.4108/eai.13-7-2018.164552\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"EAI Endorsed Trans. Security Safety","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.4108/eai.13-7-2018.164552","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Identify Vulnerability Fix Commits Automatically Using Hierarchical Attention Network
The application of machine learning and deep learning in the field of vulnerability detection is a hot topic in security research, but currently it faces the problem of lack of dataset. Considering vulnerable code can be obtained from vulnerability fix commits, we propose an automatic vulnerability commit identification tool based on hierarchical attention network (HAN) to expand existing vulnerability dataset. HAN can model the input data at the word and sentence levels respectively and pay attention to the changes in the characteristics of different words in different categories, which improves the classification performance. Experimental results show that the accuracy and F1 of our model both achieve 92%. Through the vulnerability fix commit, researchers can quickly locate the vulnerable code. And extracting vulnerable code from open-source software can effectively expand the current dataset due to the enormous number of open-source software. Received on 14 April 2020; accepted on 05 May 2020; published on 12 May 2020
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
