ICSE 2024
Fri 12 - Sun 21 April 2024 Lisbon, Portugal
Thu 18 Apr 2024 12:00 - 12:15 at Sophia de Mello Breyner Andresen - AI & Security 2 Chair(s): Gabriele Bavota

Software vulnerabilities are a major cyber threat and it is important to detect them. One important approach to detecting vulnerabilities is to use deep learning while treating a program function as a whole, known as function-level vulnerability detectors. However, the limitation of this approach is not understood. In this paper, we investigate its limitation in detecting one class of vulnerabilities known as inter-procedural vulnerabilities, where the to-be-patched statements and the vulnerability-triggering statements belong to different functions. For this purpose, we create the first Inter-Procedural Vulnerability Dataset (InterPVD) based on C/C++ open-source software, and we propose a tool dubbed VulTrigger for identifying vulnerability-triggering statements across functions. Experimental results show that VulTrigger can effectively identify vulnerability-triggering statements and inter-procedural vulnerabilities. Our findings include: (i) inter-procedural vulnerabilities are prevalent with an average of 2.8 inter-procedural layers; and (ii) function-level vulnerability detectors are much less effective in detecting to-be-patched functions of inter-procedural vulnerabilities than detecting their counterparts of intra-procedural vulnerabilities.

Thu 18 Apr

Displayed time zone: Lisbon change

11:00 - 12:30
AI & Security 2Research Track / New Ideas and Emerging Results at Sophia de Mello Breyner Andresen
Chair(s): Gabriele Bavota Software Institute @ Università della Svizzera Italiana
11:00
15m
Talk
Towards Causal Deep Learning for Vulnerability Detection
Research Track
Md Mahbubur Rahman Iowa State University, Ira Ceka Columbia University, Chengzhi Mao Columbia University, Saikat Chakraborty Microsoft Research, Baishakhi Ray AWS AI Labs, Wei Le Iowa State University
11:15
15m
Talk
MetaLog: Generalizable Cross-System Anomaly Detection from Logs with Meta-Learning
Research Track
Chenyangguang Zhang Tsinghua University, Tong Jia Institute for Artificial Intelligence, Peking University, Beijing, China, Guopeng Shen Linkedsee Technology (China) Limited, Pinyan Zhu Linkedsee Technology (China) Limited, Ying Li School of Software and Microelectronics, Peking University, Beijing, China
11:30
15m
Talk
Coca: Improving and Explaining Graph Neural Network-Based Vulnerability Detection Systems
Research Track
Sicong Cao Yangzhou University, Xiaobing Sun Yangzhou University, Xiaoxue Wu Yangzhou University, David Lo Singapore Management University, Lili Bo Yangzhou University, Bin Li Yangzhou University, Wei Liu Nanjing University
Media Attached File Attached
11:45
15m
Talk
Improving Smart Contract Security with Contrastive Learning-based Vulnerability Detection
Research Track
Yizhou Chen Peking University, Zeyu Sun Institute of Software, Chinese Academy of Sciences, Zhihao Gong Peking University, Dan Hao Peking University
12:00
15m
Talk
On the Effectiveness of Function-Level Vulnerability Detectors for Inter-Procedural Vulnerabilities
Research Track
Zhen Li Huazhong University of Science and Technology, Ning Wang Huazhong University of Science and Technology, Deqing Zou Huazhong University of Science and Technology, Yating Li Huazhong University of Science and Technology, Ruqian Zhang Huazhong University of Science and Technology, Shouhuai Xu University of Colorado Colorado Springs, Chao Zhang Tsinghua University, Hai Jin Huazhong University of Science and Technology
Pre-print
12:15
7m
Talk
Large Language Model for Vulnerability Detection: Emerging Results and Future Directions
New Ideas and Emerging Results
Xin Zhou Singapore Management University, Singapore, Ting Zhang Singapore Management University, David Lo Singapore Management University
12:22
7m
Talk
Re(gEx|DoS)Eval: Evaluating Generated Regular Expressions and their Proneness to DoS Attacks
New Ideas and Emerging Results
Mohammed Latif Siddiq University of Notre Dame, Jiahao Zhang , Lindsay Roney University of Notre Dame, Joanna C. S. Santos University of Notre Dame
DOI Pre-print Media Attached