September 19, 2021

Dedicated Forum to help removing adware, malware, spyware, ransomware, trojans, viruses and more!

Towards Making Deep Learning-based Vulnerability Detectors Robust. (arXiv:2108.00669v1 [cs.CR])

Automatically detecting software vulnerabilities in source code is an
important problem that has attracted much attention. In particular, deep
learning-based vulnerability detectors, or DL-based detectors, are attractive
because they do not need human experts to define features or patterns of
vulnerabilities. However, such detectors’ robustness is unclear. In this paper,
we initiate the study in this aspect by demonstrating that DL-based detectors
are not robust against simple code transformations, dubbed attacks in this
paper, as these transformations may be leveraged for malicious purposes. As a
first step towards making DL-based detectors robust against such attacks, we
propose an innovative framework, dubbed ZigZag, which is centered at (i)
decoupling feature learning and classifier learning and (ii) using a
ZigZag-style strategy to iteratively refine them until they converge to robust
features and robust classifiers. Experimental results show that the ZigZag
framework can substantially improve the robustness of DL-based detectors.