Abstract

Thanks to their powerful automatic feature extraction, deep learning-based vulnerability detection methods have advanced significantly in recent years. However, almost all current work detects vulnerabilities at a single granularity (<i>i.e.</i>, slice-level or function-level). In practice, slice-level vulnerability detection is fine-grained but may omit part of the vulnerability context, while function-level vulnerability detection captures the full vulnerability semantics but may include many statements unrelated to the vulnerability. Moreover, both focus on predicting whether the source code is vulnerable and cannot pinpoint which statements are most likely to be vulnerable. In this paper, we design <i>mVulPreter</i>, a multi-granularity vulnerability detector that also provides interpretations of its detection results. Specifically, we propose a novel technique that effectively blends the advantages of function-level and slice-level vulnerability detection models and produces the interpretation of each detection result from the model itself, without any external explainer. We evaluate <i>mVulPreter</i> on a dataset containing 5,310 vulnerable functions and 7,601 non-vulnerable functions. The experimental results indicate that <i>mVulPreter</i> outperforms existing state-of-the-art vulnerability detection approaches (<i>i.e.</i>, <i>Checkmarx</i>, <i>FlawFinder</i>, <i>RATS</i>, <i>TokenCNN</i>, <i>StatementLSTM</i>, <i>SySeVR</i>, and <i>Devign</i>).
