Page 228 - Ruan Jian Xue Bao/Journal of Software, 2025, Issue 7

Qiu Shaojian et al.: Software vulnerability detection method based on inter-function structural feature association (p. 3149)


[6] Iannone E, Guadagni R, Ferrucci F, De Lucia A, Palomba F. The secret life of software vulnerabilities: A large-scale empirical study. IEEE Trans. on Software Engineering, 2023, 49(1): 44–63. [doi: 10.1109/TSE.2022.3140868]
[7] Le THM, Chen H, Babar MA. Deep learning for source code modeling and generation: Models, applications, and challenges. ACM Computing Surveys (CSUR), 2020, 53(3): 62. [doi: 10.1145/3383458]
[8] Liu J, Su PR, Yang M, He L, Zhang Y, Zhu XY, Lin HM. Software and cyber security-A survey. Ruan Jian Xue Bao/Journal of Software, 2018, 29(1): 42–68 (in Chinese with English abstract). http://www.jos.org.cn/1000-9825/5320.htm [doi: 10.13328/j.cnki.jos.005320]
[9] Shao SH, Gao Q, Ma S, Duan FY, Ma X, Zhang SK, Hu JH. Progress in research on buffer overflow vulnerability analysis technologies. Ruan Jian Xue Bao/Journal of Software, 2018, 29(5): 1179–1198 (in Chinese with English abstract). http://www.jos.org.cn/1000-9825/5504.htm [doi: 10.13328/j.cnki.jos.005504]
[10] Díaz G, Bermejo JR. Static analysis of source code security: Assessment of tools against SAMATE tests. Information and Software Technology, 2013, 55(8): 1462–1476. [doi: 10.1016/j.infsof.2013.02.005]
[11] Chakraborty S, Krishna R, Ding YRB, Ray B. Deep learning based vulnerability detection: Are we there yet? IEEE Trans. on Software Engineering, 2022, 48(9): 3280–3296. [doi: 10.1109/TSE.2021.3087402]
[12] Bresson X, Laurent T. Residual gated graph ConvNets. arXiv:1711.07553, 2018.
[13] Johnson B, Song Y, Murphy-Hill E, Bowdidge R. Why don’t software developers use static analysis tools to find bugs? In: Proc. of the 35th Int’l Conf. on Software Engineering. San Francisco: IEEE, 2013. 672–681. [doi: 10.1109/ICSE.2013.6606613]
[14] Qasem A, Shirani P, Debbabi M, Wang LY, Lebel B, Agba BL. Automatic vulnerability detection in embedded devices and firmware: Survey and layered taxonomies. ACM Computing Surveys, 2022, 54(2): 25. [doi: 10.1145/3432893]
[15] Tyagi Y, Shekhar S, P A, Bhardwaj S. SEEMA: An automation framework for vulnerability assessment and penetration testing. In: Proc. of the 2nd Int’l Conf. on Vision Towards Emerging Trends in Communication and Networking Technologies. Vellore: IEEE, 2023. 1–5. [doi: 10.1109/ViTECoN58111.2023.10157032]
[16] Chen K, Lu H, Fang BX, Sun YB, Su S, Tian ZH. Survey on automated penetration testing technology research. Ruan Jian Xue Bao/Journal of Software, 2024, 35(5): 2268–2288 (in Chinese with English abstract). http://www.jos.org.cn/1000-9825/7038.htm [doi: 10.13328/j.cnki.jos.007038]
[17] Louati A, Gasiba T. Source code vulnerability detection using deep learning algorithms for industrial applications. In: Proc. of the 2nd Int’l Conf. on Ubiquitous Security. Zhangjiajie: Springer, 2022. 161–178. [doi: 10.1007/978-981-99-0272-9_11]
[18] Li Z, Zou DQ, Xu SH, Ou XY, Jin H, Wang SJ, Deng ZJ, Zhong YY. VulDeePecker: A deep learning-based system for vulnerability detection. In: Proc. of the 25th Annual Network and Distributed Systems Security (NDSS) Symp. 2018. [doi: 10.14722/ndss.2018.23158]
[19] Lin GJ, Xiao W, Zhang J, Xiang Y. Deep learning-based vulnerable function detection: A benchmark. In: Proc. of the 21st Int’l Conf. on Information and Communications Security. Beijing: Springer, 2020. 219–232. [doi: 10.1007/978-3-030-41579-2_13]
[20] Li N, Zhang HY, Hu ZH, Kou G, Dai HD. Automated software vulnerability detection via pre-trained context encoder and self attention. In: Proc. of the 12th EAI Int’l Conf. on Digital Forensics and Cyber Crime. Springer, 2022. 248–264. [doi: 10.1007/978-3-031-06365-7_15]
[21] Yamaguchi F, Golde N, Arp D, Rieck K. Modeling and discovering vulnerabilities with code property graphs. In: Proc. of the 2014 IEEE Symp. on Security and Privacy. Berkeley: IEEE, 2014. 590–604. [doi: 10.1109/SP.2014.44]
[22] Zhang JW, Liu ZX, Hu X, Xia X, Li SP. Vulnerability detection by learning from syntax-based execution paths of code. IEEE Trans. on Software Engineering, 2023, 49(8): 4196–4212. [doi: 10.1109/TSE.2023.3286586]
[23] Li Y, Wang SH, Nguyen TN. Vulnerability detection with fine-grained interpretations. In: Proc. of the 29th ACM Joint Meeting on European Software Engineering Conf. and Symp. on the Foundations of Software Engineering. Athens: ACM, 2021. 292–303. [doi: 10.1145/3468264.3468597]
[24] Wen XC, Chen YP, Gao CY, Zhang HY, Zhang JM, Liao Q. Vulnerability detection with graph simplification and enhanced graph representation learning. In: Proc. of the 45th IEEE/ACM Int’l Conf. on Software Engineering. Melbourne: IEEE, 2023. 2275–2286. [doi: 10.1109/ICSE48619.2023.00191]
[25] Steenhoek B, Gao HY, Le W. Dataflow analysis-inspired deep learning for efficient vulnerability detection. In: Proc. of the 46th IEEE/ACM Int’l Conf. on Software Engineering. Lisbon: ACM, 2024. 16. [doi: 10.1145/3597503.3623345]
[26] Cheng JX, Chen YZ, Cao YZ, Wang HP. A vulnerability detection framework by focusing on critical execution paths. Information and Software Technology, 2024, 174: 107517. [doi: 10.1016/j.infsof.2024.107517]
[27] Kim D, Oh A. How to find your friendly neighborhood: Graph attention design with self-supervision. arXiv:2204.04879, 2022.
[28] Veličković P, Cucurull G, Casanova A, Romero A, Liò P, Bengio Y. Graph attention networks. arXiv:1710.10903, 2018.
[29] Joern. 2024. https://github.com/joernio/joern