FVD-DPM: Fine-grained Vulnerability Detection via Conditional Diffusion Probabilistic Models

Authors: 

Miaomiao Shao and Yuxin Ding, Harbin Institute of Technology, Shenzhen

Abstract: 

Software vulnerabilities pose a significant threat to software security. Nevertheless, existing vulnerability detection methods still struggle to effectively identify vulnerabilities and pinpoint vulnerable statements. In this paper, we introduce FVD-DPM: a novel Fine-grained Vulnerability Detection approach via a conditional Diffusion Probabilistic Model. FVD-DPM formalizes vulnerability detection as a diffusion-based graph-structured prediction problem. Firstly, it generates a new fine-grained code representation by extracting graph-level program slices from the Code Joint Graph. Then, a conditional diffusion probabilistic model is employed to model the node label distribution in the program slices, predicting which nodes are vulnerable. FVD-DPM achieves both precise vulnerability identification (slice-level detection) and vulnerability localization (statement-level detection). We evaluate FVD-DPM on five collected datasets and compare it against nine state-of-the-art vulnerability detection approaches. Experimental results demonstrate that FVD-DPM significantly outperforms the baseline approaches across various evaluation settings.

BibTeX
@inproceedings {299804,
author = {Miaomiao Shao and Yuxin Ding},
title = {{FVD-DPM}: Fine-grained Vulnerability Detection via Conditional Diffusion Probabilistic Models},
booktitle = {33rd USENIX Security Symposium (USENIX Security 24)},
year = {2024},
isbn = {978-1-939133-44-1},
address = {Philadelphia, PA},
pages = {7375--7392},
url = {https://www.usenix.org/conference/usenixsecurity24/presentation/shao},
publisher = {USENIX Association},
month = aug
}