Filters








9 Hits in 3.9 sec

VuRLE: Automatic Vulnerability Detection and Repair by Learning from Examples [chapter]

Siqi Ma, Ferdian Thung, David Lo, Cong Sun, Robert H. Deng
2017 Lecture Notes in Computer Science  
VuRLE 1) learns transformative edits and their contexts (i.e., code characterizing edit locations) from examples of vulnerable codes and their corresponding repaired codes; 2) clusters similar transformative  ...  To assist developers to deal with multiple types of vulnerabilities, we propose a new tool, called VuRLE, for automatic detection and repair of vulnerabilities.  ...  To address the above limitations, we design and implement a novel tool, called VuRLE (Vulnerability Repair by Learning from Examples), that can help developers automatically detect and repair multiple  ... 
doi:10.1007/978-3-319-66399-9_13 fatcat:ev7e4r2trvhq5duuxkh64fmcim

Example-Based Vulnerability Detection and Repair in Java Code [article]

Ying Zhang, Ya Xiao, Md Mahir Asef Kabir, Danfeng Yao, Na Meng
2022 arXiv   pre-print
To overcome both limitations, we created Seader-an example-based approach to detect and repair security-API misuses.  ...  With these patterns, we applied SEADER to a program benchmark that has 86 known vulnerabilities. Seader detected vulnerabilities with 95% precision, 72% recall, and82% F-score.  ...  ACKNOWLEDGMENTS We thank anonymous reviewers and Dr. Eric Bodden for their valuable comments. This work was supported by NSF-1845446 and NSF-1929701.  ... 
arXiv:2203.09009v2 fatcat:c7j33lmhgfgf7a2ih37i5exgpq

Neural Transfer Learning for Repairing Security Vulnerabilities in C Code [article]

Zimin Chen, Steve Kommrusch, Martin Monperrus
2022 arXiv   pre-print
In this paper, we address the problem of automatic repair of software vulnerabilities with deep learning.  ...  In this work, we leverage the intuition that the bug fixing task and the vulnerability fixing task are related and that the knowledge learned from bug fixes can be transferred to fixing vulnerabilities  ...  The computations was enabled by resources provided by the Swedish National Infrastructure for Computing (SNIC), partially funded by the Swedish Research Council through grant agreement no. 2018-05973.  ... 
arXiv:2104.08308v3 fatcat:cjhoay5n2zeoleok742qtwk6dq

Neural Transfer Learning for Repairing Security Vulnerabilities in C Code

Zimin Chen, Steve James Kommrusch, Martin Monperrus
2022 IEEE Transactions on Software Engineering  
In this paper, we address the problem of automatic repair of software vulnerabilities with deep learning.  ...  In this work, we leverage the intuition that the bug fixing task and the vulnerability fixing task are related and that the knowledge learned from bug fixes can be transferred to fixing vulnerabilities  ...  Vurle is a template based approach to repair vulnerability by learning from previous examples [9] . They first extract the edit from the AST diff between the buggy and fixed source code.  ... 
doi:10.1109/tse.2022.3147265 fatcat:qrgow4i645fl7ooelpy5exgkvi

An Automatic Source Code Vulnerability Detection Approach Based on KELM

Gaigai Tang, Lin Yang, Shuangyin Ren, Lianxiao Meng, Feng Yang, Huiqiang Wang, Xiaokang Zhou
2021 Security and Communication Networks  
To mitigate this issue, researchers introduced neural networks to automatically extract features to improve the intelligence of vulnerability detection.  ...  Traditional vulnerability detection mostly ran on rules or source code similarity with manually defined vulnerability features.  ...  Siqi Ma [13] proposed a tool called VuRLE for automatic detection and repair of vulnerabilities.  ... 
doi:10.1155/2021/5566423 fatcat:d4ux3oawjfgfvdxtjze7c5q62i

Data-Driven Vulnerability Detection and Repair in Java Code [article]

Ying Zhang, Mahir Kabir, Ya Xiao, Danfeng, Na Meng
2021
To eliminate such API-related vulnerabilities, this paper presents SEADER -- our new approach that detects and repairs security API misuses.  ...  Additionally, we applied SEADER to 100 Apache open-source projects and detected 988 vulnerabilities; SEADER always customized repair suggestions correctly.  ...  vulnerability-repair patterns from examples, and applies those patterns for vulnerability detection and repair suggestion.  ... 
doi:10.48550/arxiv.2102.06994 fatcat:6geu3v6gbzc2rfmh5xqatni2pu

A comparative study of neural network techniques for automatic software vulnerability detection [article]

Gaigai Tang, Lianxiao Meng, Shuangyin Ren, Weipeng Cao, Qiang Wang, Lin Yang
2021 pre-print
., Bi-LSTM and RVFL) with the two most classical data preprocessing methods (i.e., the vector representation and the program symbolization methods) on software vulnerability detection problems and obtained  ...  Software vulnerabilities are usually caused by design flaws or implementation errors, which could be exploited to cause damage to the security of the system.  ...  In [12] , the authors propose a tool called VuRLE for automatic detection and repair of vulnerabilities.  ... 
doi:10.1109/tase49443.2020.00010 arXiv:2104.14978v1 fatcat:ta5fpyeksfcwpdfqhuw6pdsgwa

VUDENC: Vulnerability Detection with Deep Learning on a Natural Codebase for Python

Laura Wartschinski, Yannic Noller, Thomas Vogel, Timo Kehrer, Lars Grunske
2022
Method: In this article, we present VUDENC (Vulnerability Detection with Deep Learning on a Natural Codebase), a deep learning-based vulnerability detection tool that automatically learns features of vulnerable  ...  However, the manual detection of software vulnerabilities requires expert knowledge and is time-consuming, and must be supported by automated techniques.  ...  In this paper, we present Vudenc (Vulnerability Detection with Deep Learning on a Natural Codebase), a deep learning-based vulnerability detection system that automatically learns features of vulnerable  ... 
doi:10.48550/arxiv.2201.08441 fatcat:weu3i2besfdj3nommjltxaa3h4

Security techniques for virtual machine based systems

Wadu M. M. Dilshan Jayarathna
2022
/compromised service from accessing all other resources while the service is still running.  ...  First, the thesis considers virtual machine introspection based techniques for detecting anomalies in virtual machine based applications and services.  ...  While DNS is one of the important services in the current Internet infrastructure, DNS is still vulnerable to different types of attacks. This is mainly due to one of  ... 
doi:10.25949/19431446 fatcat:26s5jbio3rcjhn7bno3gydzexm