TL;DR
This paper introduces VRepair, a transfer learning approach that leverages large bug fix datasets to improve automatic repair of security vulnerabilities in C code, demonstrating significant performance gains.
Contribution
The paper presents VRepair, the first transfer learning-based method for vulnerability repair in C, effectively utilizing bug fix data to enhance vulnerability fixing capabilities.
Findings
Transfer learning improves vulnerability repair in C.
Model trained on bug fixes can fix some vulnerabilities.
Transfer learning outperforms denoising-based fine-tuning.
Abstract
In this paper, we address the problem of automatic repair of software vulnerabilities with deep learning. The major problem with data-driven vulnerability repair is that the few existing datasets of known confirmed vulnerabilities consist of only a few thousand examples. However, training a deep learning model often requires hundreds of thousands of examples. In this work, we leverage the intuition that the bug fixing task and the vulnerability fixing task are related and that the knowledge learned from bug fixes can be transferred to fixing vulnerabilities. In the machine learning community, this technique is called transfer learning. In this paper, we propose an approach for repairing security vulnerabilities named VRepair which is based on transfer learning. VRepair is first trained on a large bug fix corpus and is then tuned on a vulnerability fix dataset, which is an order of…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Code & Models
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
MethodsRepair
