Abstract

Due to the powerful automatic feature extraction, deep learning-based vulnerability detection methods have evolved significantly in recent years. However, almost all current work focuses on detecting vulnerabilities at a single granularity (i.e., slice-level or function-level). In practice, slice-level vulnerability detection is fine-grained but may contain incomplete vulnerability details. Function-level vulnerability detection includes full vulnerability semantics but may contain vulnerability-unrelated statements. Meanwhile, they pay more attention to predicting whether the source code is vulnerable and cannot pinpoint which statements are more likely to be vulnerable. In this paper, we design mVulPreter, a multi-granularity vulnerability detector that can provide interpretations of detection results. Specifically, we propose a novel technique to effectively blend the advantages of function-level and slice-level vulnerability detection models and output the detection results' interpretation only by the model itself. We evaluate mVulPreter on a dataset containing 5,310 vulnerable functions and 7,601 non-vulnerable functions. The experimental results indicate that mVulPreter outperforms existing state-of-the-art vulnerability detection approaches (i.e., Checkmarx, FlawFinder, RATS, TokenCNN, StatementLSTM, SySeVR, and Devign).
