Abstract
With the rapid development of the information age, software vulnerabilities have threatened the safety of communication and mobile network, and research on vulnerability repair is urgent. Different from the existing machine learning-based approaches, we propose VulRep, a vulnerability repair approach based on vulnerability introduction, which combines empirical research findings on vulnerability inducing and vulnerability fixing commit with machine learning approaches for vulnerability repair. Firstly, we construct the vulnerability introduction and repair dataset, and generate the AST tree for the code of inducing commit and fixing commit to form a sequence after abstraction processing, and input it into the Transformer model to generate a recommendation list through beam search. After filling in the abstracted code, it is combined with the rules defined by empirical research findings, and the final patch is obtained after verification. Experimental results show that VulRep can improve the performance of repairing vulnerabilities, which illustrates the effectiveness of combined empirical research findings. In addition, we found that our approach is more suitable for repairing type CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) vulnerabilities and can perform vulnerability repair better.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callMore From: EURASIP Journal on Wireless Communications and Networking
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
