Abstract
Software vulnerabilities are one of the important reasons for network intrusion. It is vital to detect and fix vulnerabilities in a timely manner. Existing vulnerability detection methods usually rely on single code models, which may miss some vulnerabilities. This paper implements a vulnerability detection system by combining source code and assembly code models. First, code slices are extracted from the source code and assembly code. Second, these slices are aligned by the proposed code alignment algorithm. Third, aligned code slices are converted into vector and input into a hyper fusion-based deep learning model. Experiments are carried out to verify the system. The results show that the system presents a stable and convergent detection performance.
Highlights
Software vulnerability detection is crucial to cybersecurity defenses
Ere are a wide variety of vulnerability detection methods for discovering vulnerabilities in software. ey can be broadly divided into dynamic analysis and static analysis methods. e former identify vulnerable behaviors in the process of analyzing and executing software [2, 3]
A code alignment algorithm is suggested to connect each source code statement with its corresponded assembly code statements. en, the aligned codes are combined to form a fused slice. ese new slices, together with the original source code slices and assembly code slices, are fed into the hyper fusion-based deep learning model for vulnerability detection. e main contributions of this paper include the following: (1) We improve the performance of the vulnerability detection by fusing the models of assembly codes and source codes
Summary
Software vulnerability detection is crucial to cybersecurity defenses. In recent years, the number of software vulnerabilities reported has grown rapidly with the development of the software industry. E graph-based deep learning vulnerability detection method in [14] extracts the graph of the code to predict vulnerabilities. In order to balance the detection speed and accuracy, we use a similar token sequence-based deep learning model as those in [10,11,12, 15]. Ese new slices, together with the original source code slices and assembly code slices, are fed into the hyper fusion-based deep learning model for vulnerability detection. (1) We improve the performance of the vulnerability detection by fusing the models of assembly codes and source codes (2) We suggest a simple but effective alignment method between source codes and assembly codes to quickly align the data slices (3) We collect a vulnerability dataset composed of source and assembly codes, which can be used to train and verify the proposed multimodal-based vulnerability detection method
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
