Automated Software Vulnerability Detection via Curriculum Learning

被引：0

作者：

Du, Qianjin ^{[1
]}

Kun, Wei ^{[2
]}

Kuang, Xiaohui ^{[2
]}

Li, Xiang ^{[2
]}

Zhao, Gang ^{[2
]}

机构：

[1] Tsinghua Univ, Dept Comp Sci & Technol, Beijing, Peoples R China

[2] Natl Key Lab Sci & Technol Informat Syst Secur, Beijing, Peoples R China

来源：

2023 IEEE INTERNATIONAL CONFERENCE ON MULTIMEDIA AND EXPO, ICME | 2023年

关键词：

Software Vulnerability; Curriculum Learning; Deep Learning;

D O I：

10.1109/ICME55011.2023.00485

中图分类号：

TP18 [人工智能理论];

学科分类号：

081104 ; 0812 ; 0835 ; 1405 ;

摘要：

With the development of deep learning, software vulnerability detection methods based on deep learning have achieved great success, which outperform traditional methods in efficiency and precision. At the training stage, all training samples are treated equally and presented in random order. However, in software vulnerability detection tasks, the detection difficulties of different samples vary greatly. Similar to the human learning mechanism following an easy-to-difficult curriculum learning procedure, vulnerability detection models can also benefit from the easy-to-hard curriculums. Motivated by this observation, we introduce curriculum learning for automated software vulnerability detection, which is capable of arranging easy-to-difficult training samples to learn better detection models without any human intervention. Experimental results show that our method achieves obvious performance improvements compared to baseline models.

引用

页码：2855 / 2860

页数：6

共 26 条

[1] Bengio Y., 2009, INT C MACH LEARN
[2] Cadar Cristian, 2008, P 8 USENIX C OP SYST, P209
[3] Dey R, 2017, MIDWEST SYMP CIRCUIT, P1597, DOI 10.1109/MWSCAS.2017.8053243
[4] Engler D., 2001, Operating Systems Review, V35, P57, DOI 10.1145/502059.502041
[5] Feng ZY, 2020, Arxiv, DOI [arXiv:2002.08155, DOI 10.48550/ARXIV.2002.08155, 10.48550/arXiv.2002.08155]
[6] Learning to forget: Continual prediction with LSTM
Gers, FA
Schmidhuber, J
Cummins, F
[J]. NEURAL COMPUTATION, 2000, 12 (10) : 2451 - 2471
[7] Guo DY, 2021, Arxiv, DOI arXiv:2009.08366
[8] VUDDY: A Scalable Approach for Vulnerable Code Clone Discovery
Kim, Seulbae
Woo, Seunghoon
Lee, Heejo
Oh, Hakjoo
[J]. 2017 IEEE SYMPOSIUM ON SECURITY AND PRIVACY (SP), 2017, : 595 - 614
[9] Li Z., 2005, P 10 EUR SOFTW ENG C, P306, DOI [DOI 10.1145/1095430.1081755, 10.1145/1081706.1081755, DOI 10.1145/1081706.1081755]
[10] Li Z, 2018, Arxiv, DOI arXiv:1801.01681

← 1 2 3 →