Slicing-Based Approach for Detecting and Patching Vulnerable Code Clones
This program is tentative and subject to change.
Code cloning is a common practice in software development, but it poses significant security risks by propagating vulnerabilities across cloned segments. To address this challenge, we introduce srcVul, a scalable, precise detection approach that combines program slicing with Locality-Sensitive Hashing to identify vulnerable code clones and recommend patches. srcVul builds a database of vulnerability-related slices by analyzing known vulnerable programs and their corresponding patches, indexing each slice’s unique structural characteristics as a vulnerability slicing vector. During clone detection, srcVul efficiently matches slicing vectors from target programs with those in the database, recommending patches upon identifying similarities. Our evaluation of srcVul against three state-of-the-art vulnerable clone detectors demonstrates its accuracy, efficiency, and scalability, achieving 91% precision and 75% recall on established vulnerability databases and open-source repositories. These results highlight srcVul’s effectiveness in detecting complex vulnerability patterns across diverse codebases.
This program is tentative and subject to change.
Sun 27 AprDisplayed time zone: Eastern Time (US & Canada) change
11:00 - 12:30 | Vulnerabilities, Technical Debt, DefectsEarly Research Achievements (ERA) / Research Track / Replications and Negative Results (RENE) at 205 | ||
11:00 10mTalk | CalmDroid: Core-Set Based Active Learning for Multi-Label Android Malware Detection Research Track Minhong Dong Tiangong University, Liyuan Liu Tiangong University, Mengting Zhang Tiangong University, Sen Chen Tianjin University, Wenying He Hebei University of Technology, Ze Wang Tiangong University, Yude Bai Tianjin University | ||
11:10 10mTalk | Towards Task-Harmonious Vulnerability Assessment based on LLM Research Track Zaixing Zhang Southeast University, Chang Jianming , Tianyuan Hu Southeast University, Lulu Wang Southeast University, Bixin Li Southeast University | ||
11:20 10mTalk | Slicing-Based Approach for Detecting and Patching Vulnerable Code Clones Research Track Hakam W. Alomari Miami University, Christopher Vendome Miami University, Himal Gyawali Miami University | ||
11:30 6mTalk | Revisiting Security Practices for GitHub Actions Workflows Early Research Achievements (ERA) | ||
11:36 6mTalk | Leveraging multi-task learning to improve the detection of SATD and vulnerability Replications and Negative Results (RENE) Barbara Russo Free University of Bolzano, Jorge Melegati Free University of Bozen-Bolzano, Moritz Mock Free University of Bozen-Bolzano Pre-print | ||
11:42 10mTalk | Leveraging Context Information for Self-Admitted Technical Debt Detection Research Track Miki Yonekura Nara Institute of Science and Technology, Yutaro Kashiwa Nara Institute of Science and Technology, Bin Lin Radboud University, Kenji Fujiwara Nara Women’s University, Hajimu Iida Nara Institute of Science and Technology | ||
11:52 6mTalk | Personalized Code Readability Assessment: Are We There Yet? Replications and Negative Results (RENE) Antonio Vitale Politecnico di Torino, University of Molise, Emanuela Guglielmi University of Molise, Rocco Oliveto University of Molise, Simone Scalabrino University of Molise | ||
11:58 6mTalk | Automated Refactoring of Non-Idiomatic Python Code: A Differentiated Replication with LLMs Replications and Negative Results (RENE) Pre-print | ||
12:04 10mResearch paper | Sonar: Detecting Logic Bugs in DBMS through Generating Semantic-aware Non-Optimizing Query Research Track Shiyang Ye Zhejiang University, Chao Ni Zhejiang University, Jue Wang Nanjing University, Qianqian Pang zhejang university, Xinrui Li School of Software Technology, Zhejiang University, xiaodanxu College of Computer Science and Technology, Zhejiang university | ||
12:14 6mTalk | A Study on Applying Large Language Models to Issue Classification Replications and Negative Results (RENE) | ||
12:20 10mLive Q&A | Session's Discussion: "Vulnerabilities, Technical Debt, Defects" Research Track | ||