Authors
Yi Li, Shaohua Wang, Tien N. Nguyen
Publication date
2021
Conference
(ESEC/FSE)The ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering
Description
Despite the successes of machine learning (ML) and deep learning (DL)-based vulnerability detectors (VD), they are limited to providing only the decision on whether a given code is vulnerable or not, without details on what part of the code is relevant to the detected vulnerability. We present IVDetect, an interpretable vulnerability detector with the philosophy of using Artificial Intelligence (AI) to detect vulnerabilities, while using Intelligence Assistant (IA) to provide VD interpretations in terms of vulnerable statements.
For vulnerability detection, we separately consider the vulnerable statements and their surrounding contexts via data and control dependencies. This allows our model better discriminate vulnerable statements than using the mixture of vulnerable code and contextual code as in existing approaches. In addition to the coarse-grained vulnerability detection result, we leverage interpretable AI to provide …
Total citations
Scholar articles
Y Li, S Wang, TN Nguyen - Proceedings of the 29th ACM Joint Meeting on …, 2021