SPRSPS: An Effective Preprocessing Framework to Enhance Vulnerability Detection in Deep Learning Models

SPRSPS: An Effective Preprocessing Framework to Enhance Vulnerability Detection in Deep Learning Models

연구 분야: Strategies

학회: AIBDF '24: Proceedings of the 4th Asia-Pacific Artificial Intelligence and Big Data Forum

Current vulnerability detection methods based on deep learning and program slicing techniques are widely used, but the program representations and slicing strategies they employ are not well-suited for this purpose. This paper introduces the SPRSPS (More Suitable Program Representation and Smarter Program Slicing) framework, which standardizes and enhances preprocessing procedures. The approach involves: first, utilizing features of LLVM IR, such as SSA and control/data flow simplification, to construct program representations more suitable for vulnerability detection; second, optimizing graph representations for graph neural networks commonly used in both general and specific vulnerability detection. Compared to previous work, it more clearly defines node and edge features. Finally, it thoroughly investigates the distances between vulnerability manifestation points and root causes, proposing a smarter slicing strategy. Ablation experiments were conducted on the general vulnerability detection model SedSVD and the specific vulnerability detection model GLICE. After replacing their preprocessing methods with the proposed approach, improvements were observed in accuracy and F1 scores. In the SedSVD project, the false positive rate (FPR) decreased by 12%, accuracy increased by 7%, and the F1 score improved by 10%, with a 95% reduction in the number of result lines, indicating more precise vulnerability localization. In the GLICE project, the FPR decreased by 10%, accuracy improved by 3%, and the number of result lines was significantly reduced by 91%. These experiments demonstrate that using the SPRSPS framework allows for more accurate and efficient vulnerability detection.