VulFewShot:利用对比学习改进少样本漏洞分类

VulFewShot:Improving Few-shot Vulnerability Classification by Contrastive Learning

下载PDF

导出

摘要为了对漏洞进行细粒度检测,理想的模型必须确定软件是否包含漏洞,并确定漏洞的类型(即进行漏洞分类).一系列深度学习模型在漏洞分类任务中取得了良好的整体性能.然而,观察到不同漏洞类型之间存在严重的数据不平衡.许多漏洞类型只有少量的漏洞样本(称为少样本类型),这导致了对少样本类型的分类性能和泛化能力较差.为了提高少样本漏洞类型的分类性能,实现VulFewShot.这种基于对比学习的漏洞分类框架通过使相同类型的漏洞样本“接近”,同时使不同类型的漏洞样本彼此“远离”,从而为仅有少数漏洞样本类型赋予了更多的权重.实验结果表明,VulFewShot可以提高对所有类型漏洞的分类性能.类型包含的漏洞样本数量越少,改进就越显著.因此,VulFewShot可以提高样本不足的漏洞的分类性能,并减少样本量对学习过程的影响. To perform fine-grained vulnerability detection,an ideal model must determine whether software contains vulnerabilities and identify the type of vulnerability(i.e.,perform vulnerability classification).A series of deep learning models have demonstrated strong overall performance in vulnerability classification tasks.However,a severe data imbalance exists across different vulnerability types.Many vulnerability types are represented by only a small number of samples(referred to as few-shot types in this study),resulting in poor classification performance and generalization for these few-shot types.To enhance classification performance for these types,VulFewShot is proposed.This contrastive learning-based vulnerability classification framework assigns more weight to few-shot types by bringing samples of the same type closer together while keeping samples from different types further apart.Experimental results show that VulFewShot improves classification performance across all vulnerability types.The smaller the number of samples for a given type,the more significant the improvement.Therefore,VulFewShot improves classification performance for vulnerabilities with limited samples and mitigates the impact of sample size on the learning process.

作者吴月明张笑睿李志刘恺麟邹德清金海 WU Yue-Ming;ZHANG Xiao-Rui;LI Zhi;LIU Kai-Lin;ZOU De-Qing;JIN Hai(National Engineering Research Center for Big Data Technology and System,Wuhan 430074,China;Services Computing Technology and System Lab,Wuhan 430074,China;Hubei Key Laboratory of Distributed System Security,Wuhan 430074,China;Hubei Engineering Research Center on Big Data Security,Wuhan 430074,China;Jinyinhu Laboratory,Wuhan 430074,China;Cluster and Grid Computing Lab,Wuhan 430074,China;School of Cyber Science and Engineering,Huazhong University of Science and Technology,Wuhan 430074,China;School of Computer Science and Technology,Huazhong University of Science and Technology,Wuhan 430074,China)

机构地区大数据技术与系统国家地方联合工程研究中心服务计算技术与系统教育部重点实验室分布式系统安全湖北省重点实验室大数据安全湖北省工程研究中心金银湖实验室集群与网格计算湖北省重点实验室华中科技大学网络空间安全学院华中科技大学计算机科学与技术学院

出处《软件学报》北大核心 2025年第12期5495-5511,共17页 Journal of Software

基金国家自然科学基金(62202191)。

关键词漏洞分类少样本对比学习 vulnerability classification few shot contrastive learning

分类号 TP311 [自动化与计算机技术—计算机软件与理论]

引文网络
相关文献

1陈慧,孙文磊.基于深度学习改进的轻量化安全帽佩戴检测算法[J].滁州学院学报,2025,27(5):40-46.
2刘伟,马东杰,裴晓英.网络安全中常见漏洞与防御技术措施分析[J].传奇天下,2023(13):214-216.
3黄婷红,陈俊超.混合式教学模式下高职学生手机依赖治理与优化[J].故事家(上),2025(43):0214-0216.
4张锁会.小学语文低年级段过程性评价的几点思考[J].文学少年,2025(15):0126-0128.
5郑小平.深度学习下初中物理实验“5E”教学模式的实践研究[J].物理通报,2025(11):104-108.
6王立红.基于英语作业优化设计的初中生自主学习能力提升策略探析[J].课堂内外(初中版),2025(37):149-151.
7朱珠,娄航宇.多目标投资组合优化问题的学习型NSGA-Ⅱ[J].东北大学学报(自然科学版),2025,46(9):17-24.
8李浴淑,邢颖,陆思奇,潘恒,柴森春,斯雪明.基于深度学习的函数体切片级C/C++智能合约漏洞检测工具[J].计算机应用,2025,45(11):3493-3501.
9任官荣,高见,胡驷驹.基于动态行为链和会话变异的API访问控制漏洞自动化检测方法[J].计算机应用研究,2025,42(12):3744-3751.
10朱晓峰.生成式人工智能个人信息侵权因果关系不明时的责任认定[J].政法论坛,2025,43(6):18-33.

软件学报

2025年第12期

浏览历史

内容加载中请稍等...

VulFewShot:利用对比学习改进少样本漏洞分类

相关作者

相关机构

相关主题

浏览历史