<p>The localization of software vulnerabilities is a critical yet underexplored problem, as evidenced by the increasing need to pinpoint specific vulnerable code lines in complex software systems. This challenge necessitates machine learning methods tailored for vulnerability localization. To address this gap, we propose a novel systematic framework for fine-grained vulnerability localization in source code, named Vulnerability Positioner(VulP). The framework integrates syntax, semantics, and vulnerability context information by employing slicing techniques and a fusion layer that highlights vulnerable code regions. Firstly, slice source code based on syntax rules, generating corresponding program slices and intermediate code. Further refine these program slices by slicing the intermediate representation of code. Then, a CodeBERT-based model is designed, incorporating a fusion layer, K-max pooling layer, and average pooling layer. Validation experiments demonstrate that the proposed method surpasses existing approaches in both detection performance and localization precision, confirming the effectiveness of VulP. Additionally, the ablation experiments validate that the additional layers markedly enhance the performance of VulP.</p>

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Vulnerability Positioner (VulP): enhancing code vulnerability localization with CodeBERT

  • Xuejun Zhang,
  • Zhuo Chen,
  • Fenghe Zhang,
  • Shuqin Xu,
  • Xiaohong Jia

摘要

The localization of software vulnerabilities is a critical yet underexplored problem, as evidenced by the increasing need to pinpoint specific vulnerable code lines in complex software systems. This challenge necessitates machine learning methods tailored for vulnerability localization. To address this gap, we propose a novel systematic framework for fine-grained vulnerability localization in source code, named Vulnerability Positioner(VulP). The framework integrates syntax, semantics, and vulnerability context information by employing slicing techniques and a fusion layer that highlights vulnerable code regions. Firstly, slice source code based on syntax rules, generating corresponding program slices and intermediate code. Further refine these program slices by slicing the intermediate representation of code. Then, a CodeBERT-based model is designed, incorporating a fusion layer, K-max pooling layer, and average pooling layer. Validation experiments demonstrate that the proposed method surpasses existing approaches in both detection performance and localization precision, confirming the effectiveness of VulP. Additionally, the ablation experiments validate that the additional layers markedly enhance the performance of VulP.