Identify Vulnerability Fix Commits Automatically Using Hierarchical Attention Network

Sun, Mingxin and Wang, Wenjie and Feng, Hantao and Sun, Hongu and Zhang, Yuqing (2020) Identify Vulnerability Fix Commits Automatically Using Hierarchical Attention Network. EAI Endorsed Transactions on Security and Safety, 7 (23). e2. ISSN 2032-9393

[thumbnail of eai.13-7-2018.164552.pdf]
Available under License Creative Commons Attribution No Derivatives.

Download (2MB) | Preview


The application of machine learning and deep learning in the field of vulnerability detection is a hot topic in security research, but currently it faces the problem of lack of dataset. Considering vulnerable code can be obtained from vulnerability fix commits, we propose an automatic vulnerability commit identification tool based on hierarchical attention network (HAN) to expand existing vulnerability dataset. HAN can model the input data at the word and sentence levels respectively and pay attention to the changes in the characteristics of different words in different categories, which improves the classification performance. Experimental results show that the accuracy and F1 of our model both achieve 92%. Through the vulnerability fix commit, researchers can quickly locate the vulnerable code. And extracting vulnerable code from open-source software can effectively expand the current dataset due to the enormous number of open-source software.

Item Type: Article
Uncontrolled Keywords: vulnerability detection, GitHub Commits, deep learning, vulnerability patch
Subjects: H Social Sciences > H Social Sciences (General)
Q Science > QA Mathematics > QA75 Electronic computers. Computer science
QA75 Electronic computers. Computer science
Depositing User: EAI Editor IV
Date Deposited: 26 Mar 2021 14:02
Last Modified: 26 Mar 2021 14:02

Actions (login required)

View Item
View Item