VulSniper: Focus Your Attention to Shoot Fine-Grained Vulnerabilities

Authors: Xu Duan, Jingzheng Wu, Shouling Ji, Zhiqing Rui, Tianyue Luo, Mutian Yang, Yanjun Wu

IJCAI 2019

| Reproducibility Variable | Result | LLM Response |
| --- | --- | --- |
| Research Type | Experimental | VulSniper achieves F1-scores of 80.6% and 73.3% on the two benchmark datasets, the SARD Buffer Error dataset and the SARD Resource Management Error dataset respectively, which are significantly higher than those of the state-of-the-art methods. |
| Researcher Affiliation | Collaboration | (1) Intelligent Software Research Center, Institute of Software, Chinese Academy of Sciences; (2) School of Computer & Communication Engineering, University of Science and Technology Beijing; (3) State Key Laboratory of Computer Science, Institute of Software, Chinese Academy of Sciences; (4) College of Computer Science and Technology, Zhejiang University; (5) Artificial Intelligence Academy, University of Chinese Academy of Sciences; (6) Beijing Vu Lab Technology Co. Ltd |
| Pseudocode | No | The paper describes the methodology using text and diagrams but does not include any explicit pseudocode or algorithm blocks. |
| Open Source Code | No | The paper mentions using Joern, an open-source tool, but does not provide any specific links or statements about the availability of their own source code for VulSniper. |
| Open Datasets | Yes | SARD is a project maintained by NIST, which has a large number of production, synthetic, and academic security defects or vulnerabilities. The reason we use SARD as our data source is that the data in SARD has both vulnerable versions and non-vulnerable versions, which implies that it can effectively evaluate whether a model has good fine-grained vulnerability detection capabilities. https://www.nist.gov/ |
| Dataset Splits | Yes | In addition, we divide the datasets into a training set, a validation set, and a test set with a ratio of 6:2:2, which is similar to the common approaches. |
| Hardware Specification | Yes | We run our experiments on a machine with 32G RAM, 2T SSD and two Intel Xeon E7-4809 v4 CPUs operating at 2.10GHz. |
| Software Dependencies | No | The paper mentions 'Joern3' as a tool used but does not provide specific version numbers for it or any other software dependencies. |
| Experiment Setup | No | The paper describes the model architecture and data processing steps but does not provide specific hyperparameter values (e.g., learning rate, batch size, number of epochs) or detailed training configurations. |