Snopy: Bridging Sample Denoising with Causal Graph Learning for Effective Vulnerability Detection
This program is tentative and subject to change.
Deep Learning (DL) has emerged as a promising means for vulnerability detection due to its ability to automatically derive features from vulnerable code. Unfortunately, current solutions struggle to focus on vulnerability-related parts of vulnerable functions, and tend to exploit spurious correlations for prediction, thus undermining their effectiveness in practice. In this paper, we propose Snopy, a novel DL-based approach, which bridges sample denoising with causal graph learning to capture real vulnerability patterns from vulnerable samples with numerous noise for effective detection. Specifically, Snopy adopts a change-based sample denoising approach to automatically weed out vulnerability-irrelevant code elements in the vulnerable functions without sacrificing the label accuracy. Then, Snopy constructs a novel Causality-Aware Graph Neural Network (CA-GNN) with Feature Caching Scheme (FCS) to learn causal vulnerability features while maintaining efficiency. Experiments on the three public benchmark datasets show that Snopy outperforms the state-of-the-art baselines by an average of 27.22%, 85.89%, and 75.50% in terms of F1-score, respectively.
This program is tentative and subject to change.
Tue 29 OctDisplayed time zone: Pacific Time (US & Canada) change
10:30 - 12:00 | |||
10:30 15mTalk | REACT: IR-Level Patch Presence Test for Binary Research Papers Qi Zhan Zhejiang University, Xing Hu Zhejiang University, Xin Xia Huawei, Shanping Li Zhejiang University | ||
10:45 15mTalk | Snopy: Bridging Sample Denoising with Causal Graph Learning for Effective Vulnerability Detection Research Papers Sicong Cao Yangzhou University, Xiaobing Sun Yangzhou University, Xiaoxue Wu Yangzhou University, David Lo Singapore Management University, Lili Bo Yangzhou University, Bin Li Yangzhou University, Xiaolei Liu China Academy of Engineering Physics, Xingwei Lin Zhejiang University, Wei Liu Nanjing University | ||
11:00 15mTalk | Unveiling the Characteristics and Impact of Security Patch Evolution Research Papers Zifan Xie Huazhong University of Science and Technology, Ming Wen Huazhong University of Science and Technology, Zichao Wei Huazhong University of Science and Technology, Hai Jin Huazhong University of Science and Technology | ||
11:15 15mTalk | Compositional Security Analysis of Dynamic Component-based Systems Research Papers | ||
11:30 15mTalk | Vision: Identifying Affected Library Versions for Open Source Software Vulnerabilities Research Papers Susheng Wu Fudan University, Ruisi Wang Fudan University, Kaifeng Huang Tongji University, Yiheng Cao Fudan University, Wenyan Song Fudan University, Zhuotong Zhou Fudan University, China, Yiheng Huang Fudan University, Bihuan Chen Fudan University, Xin Peng Fudan University | ||
11:45 10mTalk | VulZoo: A Comprehensive Vulnerability Intelligence Dataset Tool Demonstrations Bonan Ruan National University of Singapore, Jiahao Liu National University of Singapore, Weibo Zhao National University of Singapore, Zhenkai Liang National University of Singapore |