Page 128 - 《软件学报》2025年第12期

P. 128

吴月明等: VulFewShot: 利用对比学习改进少样本漏洞分类 5509

tool. IEEE Trans. on Software Engineering, 2019, 45(9): 877–897. [doi: 10.1109/TSE.2018.2810116]
[9] Aloraini B, Nagappan M, German DM, Hayashi S, Higo Y. An empirical study of security warnings from static application security
testing tools. Journal of Systems and Software, 2019, 158: 110427. [doi: 10.1016/j.jss.2019.110427]
[10] Yamaguchi F, Lindner F, Rieck K. Vulnerability extrapolation: Assisted discovery of vulnerabilities using machine learning. In: Proc. of
the 5th USENIX Workshop on Offensive Technologies. San Francisco: USENIX Association, 2011.
[11] Walden J, Stuckman J, Scandariato R. Predicting vulnerable components: Software metrics vs. text mining. In: Proc. of the 25th IEEE Int’l
Symp. on Software Reliability Engineering. IEEE, 2014. 23–33.
[12] Harer JA, Kim LY, Russell RL, Ozdemir O, Kosta LR, Rangamani A, Hamilton LH, Centeno GI, Key JR, Ellingwood PM, Antelman E,
Mackay A, McConley MW, Opper JM, Chin P, Lazovich T. Automated software vulnerability detection with machine learning. arXiv:
1803.04497, 2018.
[13] Lee YJ, Choi SH, Kim C, Lim SH, Park KW. Learning binary code with deep learning to detect software weakness. 2017. http://syscore.
sejong.ac.kr/~woongbak/publications/C37.pdf
[14] Russell R, Kim L, Hamilton L, Lazovich T, Harer J, Ozdemir O, Ellingwood P, McConley M. Automated vulnerability detection in
source code using deep representation learning. In: Proc. of the 17th IEEE Int’l Conf. on Machine Learning and Applications (ICMLA).
Orlando: IEEE, 2018. 757–762. [doi: 10.1109/ICMLA.2018.00120]
[15] Shar LK, Tan HBK. Predicting common Web application vulnerabilities from input validation and sanitization code patterns. In: Proc. of
the 27th IEEE/ACM Int’l Conf. on Automated Software Engineering. Essen: IEEE, 2012. 310–313. [doi: 10.1145/2351676.2351733]
[16] Li Z, Zou DQ, Xu SH, Ou XY, Jin H, Wang SJ, Deng ZJ, Zhong YY. VulDeePecker: A deep learning-based system for vulnerability
detection. arXiv:1801.01681, 2018.
[17] Lin GJ, Zhang J, Luo W, Pan L, Xiang Y. POSTER: Vulnerability discovery with function representation learning from unlabeled
projects. In: Proc. of the 2017 ACM SIGSAC Conf. on Computer and Communications Security. Dallas: ACM, 2017. 2539–2541. [doi:
10.1145/3133956.3138840]
[18] Lin GJ, Zhang J, Luo W, Pan L, Xiang Y, De Vel O, Montague P. Cross-project transfer representation learning for vulnerable function
discovery. IEEE Trans. on Industrial Informatics, 2018, 14(7): 3289–3297. [doi: 10.1109/TII.2018.2821768]
[19] Duan X, Wu JZ, Ji SL, Rui ZQ, Luo TY, Yang MT, Wu YJ. VulSniper: Focus your attention to shoot fine-grained vulnerabilities. In:
Proc. of the 28th Int’l Joint Conf. on Artificial Intelligence. Macao: AAAI, 2019. 4665–4671.
[20] Li Z, Zou DQ, Xu SH, Jin H, Zhu YW, Chen ZX. SySeVR: A framework for using deep learning to detect software vulnerabilities. IEEE
Trans. on Dependable and Secure Computing, 2022, 19(4): 2244–2258. [doi: 10.1109/TDSC.2021.3051525]
[21] Zhou YQ, Liu SQ, Siow J, Du XN, Liu Y. Devign: Effective vulnerability identification by learning comprehensive program semantics
via graph neural networks. In: Proc. of the 33rd Int’l Conf. on Neural Information Processing Systems. Vancouver: Curran Associates
Inc., 2019. 10197–10207.
[22] Wu YM, Zou DQ, Dou SH, Yang W, Xu D, Jin H. VulCNN: An image-inspired scalable vulnerability detection system. In: Proc. of the
44th IEEE/ACM Int’l Conf. on Software Engineering (ICSE). Pittsburgh: IEEE, 2022. 2365–2376. [doi: 10.1145/3510003.3510229]
[23] Zou DQ, Wang SJ, Xu SH, Li Z, Jin H. µVulDeePecker: A deep learning-based system for multiclass vulnerability detection. IEEE Trans.
on Dependable and Secure Computing, 2021, 18(5): 2224–2236. [doi: 10.1109/TDSC.2019.2942930]
[24] Fan LL, Su T, Chen S, Meng GZ, Liu Y, Xu LH, Pu GG, Su ZD. Large-scale analysis of framework-specific exceptions in Android
APPs. In: Proc. of the 40th IEEE/ACM Int’l Conf. on Software Engineering (ICSE). Gothenburg: IEEE, 2018. 408–419. [doi: 10.1145/
3180155.3180222]
[25] Tang CB, Chen S, Fan LL, Xu LH, Liu Y, Tang ZS, Dou L. A large-scale empirical study on industrial fake APPs. In: Proc. of the 41st
IEEE/ACM Int’l Conf. on Software Engineering: Software Engineering in Practice (ICSE-SEIP). Montreal: IEEE, 2019. 183–192. [doi:
10.1109/ICSE-SEIP.2019.00028]
[26] Evangelista JF. Cybersecurity vulnerability classification utilizing natural language processing methods [Ph.D. Thesis]. Washington: The
George Washington University, 2021.
[27] Siewruk G, Mazurczyk W. Context-aware software vulnerability classification using machine learning. IEEE Access, 2021, 9:
88852–88867. [doi: 10.1109/ACCESS.2021.3075385]
[28] Wang Q, Li YZ, Wang Y, Ren JD. An automatic algorithm for software vulnerability classification based on CNN and GRU. Multimedia
Tools and Applications, 2022, 81(5): 7103–7124. [doi: 10.1007/s11042-022-12049-1]
[29] Yuan X, Lin GJ, Tai YH, Zhang J. Deep neural embedding for software vulnerability discovery: Comparison and optimization. Security
and Communication Networks, 2022, 2022: 5203217. [doi: 10.1155/2022/5203217]
[30] Hin D, Kan A, Chen HM, Babar MA. LineVD: Statement-level vulnerability detection using graph neural networks. arXiv:2203.05181,

123 124 125 126 127 128 129 130 131 132 133