
VulRepair: A T5-Based Automated Software Vulnerability Repair


As software vulnerabilities grow in volume and complexity, researchers proposed various Artificial Intelligence (AI)-based approaches to help under-resourced security analysts to find, detect, and localize vulnerabilities. However, security analysts still have to spend a huge amount of effort to manually fix or repair such vulnerable functions. Recent work proposed an NMT-based Automated Vulnerability Repair, but it is still far from perfect due to various limitations. In this paper, we propose VulRepair, a T5-based automated software vulnerability repair approach that leverages the pre-training and BPE components to address various technical limitations of prior work. Through an extensive experiment with over 8,482 vulnerability fixes from 1,754 real-world software projects, we find that our VulRepair achieves a Perfect Prediction of 44%, which is 13%-21% more accurate than competitive baseline approaches. These results lead us to conclude that our VulRepair is considerably more accurate than two baseline approaches, highlighting the substantial advancement of NMT-based Automated Vulnerability Repairs. Our additional investigation also shows that our VulRepair can accurately repair as many as 745 out of 1,706 real-world well-known vulnerabilities (e.g., Use After Free, Improper Input Validation, OS Command Injection), demonstrating the practicality and significance of our VulRepair for generating vulnerability repairs, helping under-resourced security analysts on fixing vulnerabilities.

Transcript

  1. VulRepair: A T5-based Automated Software Vulnerability Repair. Michael Fu, Kla Tantithamthavorn, Dinh Phung, Trung Le, Van Nguyễn. Accepted at The ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE) 2022. @klainfo, http://chakkrit.com
  2. Cybercrimes Are Costly: Vulnerabilities are security flaws in code that attackers can exploit to harm organisations and communities.
  3. Cybercrimes Are Costly: According to the National Vulnerability Database, the software vulnerabilities discovered every year have skyrocketed from 4k in 2011 to 20k in 2021. Vulnerabilities are security flaws in code that attackers can exploit to harm organisations and communities.
  4. Cybercrimes Are Costly: The global cost of cybercrime is also estimated to reach $10.5 trillion USD by 2025, up from $3 trillion in 2015. According to the National Vulnerability Database, the software vulnerabilities discovered every year have skyrocketed from 4k in 2011 to 20k in 2021. Vulnerabilities are security flaws in code that attackers can exploit to harm organisations and communities.
  5. AI-Powered Vulnerability Solutions: Vulnerability Detection (e.g., VulDeePecker, Devign); Vulnerability Localization (e.g., LineVul, LineVD). Security analysts still have to spend effort on manually fixing and repairing vulnerabilities.
  6. NMT-based Vulnerability Repair (VRepair, Chen et al.): Zimin Chen, Steve Kommrusch, and Martin Monperrus, Neural Transfer Learning for Repairing Security Vulnerabilities in C Code, IEEE Transactions on Software Engineering (TSE), 2021. Diagram labels: Vulnerable Functions, Word-level Tokenization, Vector Representation, A Vanilla Transformer, Repair Candidates.
  7. NMT-based Vulnerability Repair (VRepair, Chen et al.): Zimin Chen, Steve Kommrusch, and Martin Monperrus, Neural Transfer Learning for Repairing Security Vulnerabilities in C Code, IEEE Transactions on Software Engineering (TSE), 2021. Diagram labels: Vulnerable Functions, Word-level Tokenization, Vector Representation, A Vanilla Transformer, Repair Candidates. (1) Leverages a small bug-fix corpus of 23k functions for model pre-training, limiting its ability to generate optimal vector representation.
  8. NMT-based Vulnerability Repair (VRepair, Chen et al.): Zimin Chen, Steve Kommrusch, and Martin Monperrus, Neural Transfer Learning for Repairing Security Vulnerabilities in C Code, IEEE Transactions on Software Engineering (TSE), 2021. Diagram labels: Vulnerable Functions, Word-level Tokenization, Vector Representation, A Vanilla Transformer, Repair Candidates. (1) Leverages a small bug-fix corpus of 23k functions for model pre-training, limiting its ability to generate optimal vector representation. (2) Leverages a word-level tokenization, limiting its ability to generate new tokens that never appear in a vulnerable function.
  9. NMT-based Vulnerability Repair (VRepair, Chen et al.): Zimin Chen, Steve Kommrusch, and Martin Monperrus, Neural Transfer Learning for Repairing Security Vulnerabilities in C Code, IEEE Transactions on Software Engineering (TSE), 2021. Diagram labels: Vulnerable Functions, Word-level Tokenization, Vector Representation, A Vanilla Transformer, Repair Candidates. (1) Leverages a small bug-fix corpus of 23k functions for model pre-training, limiting its ability to generate optimal vector representation. (2) Leverages a word-level tokenization, limiting its ability to generate new tokens that never appear in a vulnerable function. (3) Leverages a Vanilla Transformer, limiting its ability to learn the relative position information of code tokens.
  10. VulRepair: A T5-based Vulnerability Repair. Pre-trained on large code base -> Effectively generate more meaningful vector representation. BPE subword tokenisation -> Effectively generate unknown code tokens. Relative positional encoding -> Effectively capture the location of each token.
  11. Research Questions & Experimental Setup. RQ1: What is the accuracy of our VulRepair for generating software vulnerability repairs?
  12. Research Questions & Experimental Setup. RQ1: What is the accuracy of our VulRepair for generating software vulnerability repairs? RQ2: What is the benefit of using a pre-training component for vulnerability repairs?
  13. Research Questions & Experimental Setup. RQ1: What is the accuracy of our VulRepair for generating software vulnerability repairs? RQ2: What is the benefit of using a pre-training component for vulnerability repairs? RQ3: What is the benefit of using BPE tokenization for vulnerability repairs?
  14. Research Questions & Experimental Setup. RQ1: What is the accuracy of our VulRepair for generating software vulnerability repairs? RQ2: What is the benefit of using a pre-training component for vulnerability repairs? RQ3: What is the benefit of using BPE tokenization for vulnerability repairs? RQ4: What are the contributions of the components of our VulRepair?
  15. Research Questions & Experimental Setup. RQ1: What is the accuracy of our VulRepair for generating software vulnerability repairs? RQ2: What is the benefit of using a pre-training component for vulnerability repairs? RQ3: What is the benefit of using BPE tokenization for vulnerability repairs? RQ4: What are the contributions of the components of our VulRepair? Datasets: CVE-Fixes and Big-Vul (a total of 8K pairs). Split: Same as Chen et al., 70% for training, 10% for validation, and 20% for testing. Baselines: CodeBERT and VRepair (Chen et al.).
  16. RQ1: What is the accuracy of our VulRepair for generating vulnerability repairs? Our VulRepair achieves a Perfect Prediction of 44%, which is 13%-21% more accurate than the baseline approaches.
  17. RQ1: What is the accuracy of our VulRepair for generating vulnerability repairs? Our VulRepair achieves a Perfect Prediction of 44%, which is 13%-21% more accurate than the baseline approaches. RQ2: What is the benefit of using a pre-training component for vulnerability repairs? The PL/NL-based pre-training corpus improves the percentage of perfect predictions by 30%-38% for vulnerability repair approaches.
  18. RQ3: What is the benefit of using BPE tokenization for vulnerability repairs? BPE improves the percentage of perfect predictions by 9%-14% for vulnerability repair approaches.
  19. RQ3: What is the benefit of using BPE tokenization for vulnerability repairs? BPE improves the percentage of perfect predictions by 9%-14% for vulnerability repair approaches. RQ4: What are the contributions of the components of our VulRepair? The pre-training component of our VulRepair is the most important component.
  20. VulRepair can accurately repair as many as 745 out of 1,706 real-world well-known vulnerabilities (e.g., Use After Free, Improper Input Validation, OS Command Injection). RQ3: What is the benefit of using BPE tokenization for vulnerability repairs? BPE improves the percentage of perfect predictions by 9%-14% for vulnerability repair approaches. RQ4: What are the contributions of the components of our VulRepair? The pre-training component of our VulRepair is the most important component.
  21. Q1: What types of CWEs that our VulRepair can correctly repair? To handle rare vulnerabilities in the dataset. Our VulRepair can correctly repair 38% of the vulnerable functions affected by the Top-10 most dangerous CWEs, but cannot accurately repair for some types of rare vulnerabilities.
  22. Q1: What types of CWEs that our VulRepair can correctly repair? To handle rare vulnerabilities in the dataset. Our VulRepair can correctly repair 38% of the vulnerable functions affected by the Top-10 most dangerous CWEs, but cannot accurately repair for some types of rare vulnerabilities. Q2: How Do the Function Lengths and Repair Lengths Impact the Accuracy of Our VulRepair? The accuracy of our VulRepair depends on the size of the vulnerable functions and its difficulty to repair. To handle difficult & complex repairs.
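
Slides 8 and 10 contrast word-level tokenization with BPE subword tokenization. The following is an added example, not code from the VulRepair paper or its replication package: a toy BPE learner showing why a token the model never saw collapses to `<unk>` at word level but stays expressible as known subwords under BPE. The corpus, the token `buf_check`, and all function names are assumptions made for illustration.

```python
from collections import Counter

# Constructed corpus of C identifiers/keywords (not taken from CVE-Fixes or Big-Vul).
CORPUS = ["free", "kfree", "buf", "len", "buf_len", "if", "return", "NULL",
          "size", "buf_size", "check", "check_len"]
END = "</w>"  # end-of-word marker

def merge_pair(symbols, pair):
    """Replace every adjacent occurrence of `pair` with the fused symbol."""
    out, i = [], 0
    while i < len(symbols):
        hit = tuple(symbols[i:i + 2]) == pair
        out.append(symbols[i] + symbols[i + 1] if hit else symbols[i])
        i += 2 if hit else 1
    return out

def learn_bpe(words, num_merges):
    """Learn BPE merges by repeatedly fusing the most frequent adjacent pair."""
    vocab = Counter(tuple(w) + (END,) for w in words)
    merges = []
    for _ in range(num_merges):
        pairs = Counter()
        for symbols, freq in vocab.items():
            for pair in zip(symbols, symbols[1:]):
                pairs[pair] += freq
        if not pairs:
            break
        best = max(pairs, key=lambda p: (pairs[p], p))  # deterministic tie-break
        merges.append(best)
        vocab = Counter({tuple(merge_pair(s, best)): f for s, f in vocab.items()})
    return merges

def bpe_encode(word, merges):
    """Split a word into subwords by replaying the learned merges in order."""
    symbols = list(word) + [END]
    for pair in merges:
        symbols = merge_pair(symbols, pair)
    return symbols

def word_encode(word, vocab):
    """Word-level tokenization: anything outside the vocabulary becomes <unk>."""
    return word if word in vocab else "<unk>"

def symbol_vocab(words, merges):
    """Closed set of symbols a BPE model can emit: characters, END, merged units."""
    return {c for w in words for c in w} | {END} | {a + b for a, b in merges}

if __name__ == "__main__":
    print(word_encode("buf_check", set(CORPUS)), bpe_encode("buf_check", learn_bpe(CORPUS, 20)))
```

Because every piece returned by `bpe_encode` belongs to the closed symbol vocabulary, a decoder over that vocabulary can emit an identifier absent from both the training vocabulary and the input function, which a word-level vocabulary cannot represent.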