Overview
This conference talk from USENIX Security '23 presents VulChecker, a novel tool that locates vulnerabilities in source code down to the exact instruction and classifies them. Learn how its program representation, slicing strategy, and message-passing graph neural network let VulChecker use code semantics to improve vulnerability detection. The talk also covers a new data augmentation strategy that uses synthetic samples to create robust datasets, and examines VulChecker's performance in identifying CVEs and uncovering a zero-day vulnerability in real-world projects. It closes with a look at the future of automated vulnerability detection and its potential impact on software development security.
Syllabus
USENIX Security '23 - VulChecker: Graph-based Vulnerability Localization in Source Code
Taught by
USENIX