LineJLocRepair: A line-level method for Automated Vulnerability Repair based on joint training
Future Generation Computer Systems (IF 6.2), Pub Date: 2024-12-20, DOI: 10.1016/j.future.2024.107671
Jing Hou, Jiaxuan Han, Cheng Huang, Nannan Wang, Lerong Li
In recent years, the progress in large language models has made automatic vulnerability repair a viable solution. Security researchers have proposed a series of Automated Vulnerability Repair (AVR) methods. However, for AVR models to be effective, precise identification of the vulnerability trigger points (i.e., the exact lines of code where the vulnerability resides) is essential. Although current vulnerability detection methods can highlight the relevant lines of code, their accuracy remains suboptimal. Consequently, there is still a necessity for manual refinement of the detection outcomes, which is both time-consuming and labor-intensive. To tackle this challenge, this paper introduces LineJLocRepair, an end-to-end approach for automated vulnerability localization and repair. Grounded on a joint framework, this method seamlessly integrates the tasks of vulnerability localization and repair, thereby enabling simultaneous training of vulnerability localization and repair models. Our approach enables the automatic identification and repair of vulnerable code lines simply by inputting the vulnerable function into our model, which subsequently generates the patched code as output. Experimental results demonstrate that compared to state-of-the-art AVR methods, LineJLocRepair achieves a 12% improvement, effectively repairing 600 out of 1200 real-world vulnerabilities. Furthermore, when benchmarked against the leading methods for vulnerability line localization, LineJLocRepair attains a 32% improvement, achieving an accuracy rate exceeding 99% in pinpointing vulnerable code lines. These results substantiate the effectiveness of our approach in reducing manual intervention during automated vulnerability repair, thereby enhancing both the degree of automation and the accuracy of the repair process.
Updated: 2024-12-20