ASE 2023
Mon 11 - Fri 15 September 2023 Kirchberg, Luxembourg
Wed 13 Sep 2023 11:40 - 11:55 at Room FR - Industry Challenge (Competition) Chair(s): Kui Liu

Software vulnerabilities damage the functionality of software systems. Recently, many deep learning-based approaches have been proposed to detect vulnerabilities at the function level by using one or a few different modalities (e.g., text representation, graph-based representation) of the function and have achieved promising performance. However, some of these existing studies have not completely leveraged these diverse modalities, particularly the underutilized image modality, and the others using images to represent functions for vulnerability detection have not made adequate use of the significant graph structure underlying the images.

In this paper, we propose MVulD, a multi-modal-based function-level vulnerability detection approach, which utilizes multi-modal features of the function (i.e., text representation, graph representation, and image representation) to detect vulnerabilities. Specifically, MVulD utilizes a pre-trained model (i.e., UniXcoder) to learn the semantic information of the textual source code, employs the graph neural network to distill graph-based representation, and makes use of computer vision techniques to obtain the image representation while retaining the graph structure of the function. We conducted a large-scale experiment on 25,816 functions. The experimental results show that MVulD improves four state-of-the-art baselines by 30.8%-81.3%, 12.8%-27.4%, 48.8%-115%, and 22.9%-141% in terms of F1-score, Accuracy, Precision, and PR-AUC respectively.

MVulD: Function-level Vulnerability Detection Through Fusing Multi-Modal Knowledge (ase-industry-MVulD.pptx, 3.20 MiB)

Wed 13 Sep


11:10 - 11:55
Industry Challenge (Competition) at Room FR
Chair(s): Kui Liu Huawei
11:10
15m
Talk
PreciseBugCollector: Extensible, Executable and Precise Bug-fix Collection
Industry Challenge (Competition)
He Ye Carnegie Mellon University, Zimin Chen KTH Royal Institute of Technology, Claire Le Goues Carnegie Mellon University
11:25
15m
Talk
BugMiner: Automating Precise Bug Dataset Construction by Code Evolution History Mining
Industry Challenge (Competition)
Xuezhi Song Fudan University, Yijian Wu Fudan University, Junming Cao Fudan University, Bihuan Chen Fudan University, Yun Lin Shanghai Jiao Tong University, Zhengjie Lu Fudan University, Dingji Wang Fudan University, Xin Peng Fudan University
11:40
15m
Industry talk
Function-level Vulnerability Detection Through Fusing Multi-Modal Knowledge (Recorded talk)
Industry Challenge (Competition)
Chao Ni Zhejiang University, Xinrong Guo School of Software Technology, Zhejiang University, Yan Zhu Zhejiang University, xiaodanxu, Xiaohu Yang Zhejiang University