Prior studies generally focus on software vulnerability detection and have demonstrated the effectiveness of Graph Neural Network (GNN)-based approaches for the task. Considering the various types of software vulnerabilities and the associated different degrees of severity, it is also beneficial to determine the type of each vulnerable code for developers. In this paper, we observe that the distribution of vulnerability type is long-tailed in practice, where a small portion of classes have massive samples (i.e., head classes) but the others contain only a few samples (i.e., tail classes). Directly adopting previous vulnerability detection approaches tends to result in poor detection performance, mainly due to two reasons. First, it is difficult to effectively learn the vulnerability representation due to the over-smoothing issue of GNNs. Second, vulnerability types in tails are hard to be predicted due to the extremely few associated samples.To alleviate these issues, we propose a Long-taIled software VulnerABiLity typE classification approach, called LIVABLE. LIVABLE mainly consists of two modules, including (1) vulnerability representation learning module, which improves the propagation steps in GNN to distinguish node representations by a differentiated propagation method. A sequence-to-sequence model is also involved to enhance the vulnerability representations. (2) adaptive re-weighting module, which adjusts the learning weights for different types according to the training epochs and numbers of associated samples by a novel training loss.
翻译:先前研究通常聚焦于软件漏洞检测,并证明了基于图神经网络(GNN)的方法在该任务中的有效性。考虑到不同类型软件漏洞及其对应的严重程度差异,确定每个易受攻击代码的类型对开发者同样有益。本文观察到,实际中漏洞类型的分布呈现长尾特征:少数类别拥有大量样本(即头部类),而其他类别仅含少量样本(即尾部类)。直接沿用先前漏洞检测方法往往导致检测性能不佳,主要原因有二:其一,由于GNN的过平滑问题,难以有效学习漏洞表征;其二,因尾部类相关样本极少,难以预测这些漏洞类型。针对上述问题,我们提出了一种长尾软件漏洞类型分类方法,命名为LIVABLE。LIVABLE主要由两个模块组成:(1)漏洞表征学习模块,该模块通过差异化传播方法改进GNN中的传播步骤以区分节点表征,并引入序列到序列模型增强漏洞表征;(2)自适应重加权模块,该模块通过新型训练损失根据训练轮次和相关样本数量调整不同类别的学习权重。