FSE 2025
Mon 23 - Fri 27 June 2025 Trondheim, Norway
co-located with ISSTA 2025
Tue 24 Jun 2025 11:50 - 12:00 at Pirsenteret 150 - Vulnerability 2 Chair(s): Xiaoxue Ren

The development of machine learning techniques for discovering software vulnerabilities relies fundamentally on the availability of appropriate datasets. The ideal dataset consists of a large and diverse collection of real-world vulnerabilities, paired so as to contain both vulnerable and patched versions of each program. Naturally, collecting such datasets is a laborious and time-consuming affair. Within the specific domain of binary vulnerability discovery, previous datasets are either publicly unavailable, lack semantic diversity, involve artificially introduced vulnerabilities, or were collected using static analyzers, thereby themselves containing incorrectly labeled example programs.

In this paper, we describe a new publicly available dataset called Binpool containing examples of historically vulnerable Debian packages. The dataset was automatically curated, and contains both vulnerable and patched versions of each program, compiled at four different optimization levels. Overall, the dataset covers 254 distinct CVEs across 68 CWE classes, 84 Debian packages, and contains 2,200 binaries.

We argue that this dataset is suitable for evaluating a range of security analysis tools, including for vulnerability discovery, binary function similarity, and plagiarism detection.

Tue 24 Jun

Displayed time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna change

10:30 - 12:30
Vulnerability 2Research Papers / Demonstrations at Pirsenteret 150
Chair(s): Xiaoxue Ren Zhejiang University
10:30
20m
Talk
Statement-level Adversarial Attack on Vulnerability Detection Models via Out-Of-Distribution Features
Research Papers
Xiaohu Du Huazhong University of Science and Technology, Ming Wen Huazhong University of Science and Technology, Haoyu Wang , Zichao Wei Huazhong University of Science and Technology, Hai Jin Huazhong University of Science and Technology
DOI
10:50
20m
Talk
Large Language Models for In-File Vulnerability Localization can be “Lost in the End”
Research Papers
Francesco Sovrano Collegium Helveticum, ETH Zurich, Switzerland; Department of Informatics, University of Zurich, Switzerland, Adam Bauer University of Zurich, Alberto Bacchelli University of Zurich
DOI
11:10
20m
Talk
One-for-All Does Not Work! Enhancing Vulnerability Detection by Mixture-of-Experts (MoE)
Research Papers
Xu Yang University of Manitoba, Shaowei Wang University of Manitoba, Jiayuan Zhou Huawei, Wenhan Zhu Huawei Canada
DOI
11:30
20m
Talk
Gleipner: A Benchmark for Gadget Chain Detection in Java Deserialization Vulnerabilities
Research Papers
Bruno Kreyssig Umeå University, Alexandre Bartel Umeå University
DOI
11:50
10m
Talk
BinPool: A Dataset of Vulnerabilities for Binary Security Analysis
Demonstrations
Sima Arasteh University of Southern California, Georgios Nikitopoulos Dartmouth College, University of Thessaly, Wei-Cheng Wu Dartmouth College, Nicolaas Weideman USC Information Sciences Institute, Aaron Portnoy Dartmouth College, Mukund Raghothaman University of Southern California, Christophe Hauser Dartmouth College
12:00
20m
Talk
Today's cat is tomorrow's dog: accounting for time-based changes in the labels of ML vulnerability detection approaches
Research Papers
Ranindya Paramitha University of Trento, Yuan Feng , Fabio Massacci University of Trento; Vrije Universiteit Amsterdam
DOI Pre-print
12:20
10m
Talk
KAVe: A Tool to Detect XSS and SQLi Vulnerabilities using a Multi-Agent System over a Multi-Layer Knowledge Graph
Demonstrations
Rafael Ramires LASIGE, DI, Faculdade de Ciencias da Universidade de Lisboa, Ana Respício LASIGE, DI, Faculdade de Ciencias da Universidade de Lisboa, Ibéria Medeiros LaSIGE, Faculdade de Ciências da Universidade de Lisboa, Mike Papadakis University of Luxembourg

Information for Participants
Tue 24 Jun 2025 10:30 - 12:30 at Pirsenteret 150 - Vulnerability 2 Chair(s): Xiaoxue Ren
Info for room Pirsenteret 150:

This room is located outside Clarion Hotel

This room is located in the Pirsenteret (The Pier Center) convention center. It is just outside the hotel, on the back, towards the fjord.

You should be able to go through the emergency exit at Clarion, just on the side of the Cosmos 3 wing, which will be bring you close to Pirsenteret.

The entrance to the center is from here:
https://maps.app.goo.gl/dU3qH6kAimXGBNHe7
Once inside, go all straight and you will find signage to reach the room. The room is known as room 150 inside the center.

:
:
:
: