Go to DBLP homepageEffectively Detecting Software Vulnerabilities via Leveraging Features on Program Slices
Abstract: Detecting software vulnerabilities has become increasingly challenging with the growing size and complexity of modern software. Traditional static and dynamic analysis methods often suffer from poor accuracy and reliance on expert knowledge. In recent years, deep learning has shown great promise in this domain due to its ability to automatically learn subtle features from software data. However, existing deep-learning-based methods face two main limitations: 1) difficulty in effectively processing long source code sequences, leading to suboptimal feature representation and 2) insufficient exploration and utilization of common vulnerability features, which hampers further performance improvements. To address these challenges, we propose DV-LVF, a novel deep-learning-based vulnerability detection method that combines program slicing with gated recurrent unit (GRU) embedding techniques to enhance feature representation. Additionally, we introduce a vulnerability dictionary (vulDict) that explicitly captures and leverages common vulnerability patterns to improve detection accuracy. Our evaluation demonstrates that DV-LVF outperforms state-of-the-art methods, achieving accuracies of 98.59% at the function level and 99.27% at the statement level. Notably, DV-LVF successfully identifies 11 previously unknown vulnerabilities across six open-source software projects, including GPAC, Vim, NanoMQ, PJSIP, Libmobi, and Radare2.
External IDs:dblp:journals/iotj/ZhangGZTSSM25
Loading