TL;DR
This paper introduces ALP, an active learning approach that improves API misuse detection by identifying discriminative subgraph patterns, reducing false positives, and effectively leveraging limited human supervision.
Contribution
ALP reformulates API misuse detection as a classification problem using discriminative subgraph mining and active learning to enhance accuracy and reduce labeling effort.
Findings
ALP outperforms prior methods on the MUBench benchmark.
ALP effectively reduces false positives in misuse detection.
ALP achieves high detection accuracy with limited supervision.
Abstract
A common cause of bugs and vulnerabilities is the violation of usage constraints associated with Application Programming Interfaces (APIs). API misuses are common in software projects, and while there have been techniques proposed to detect such misuses, studies have shown that they fail to reliably detect misuses while reporting many false positives. One limitation of prior work is the inability to reliably identify correct patterns of usage. Many approaches confuse a usage pattern's frequency for correctness. Due to the variety of alternative usage patterns that may be uncommon but correct, anomaly detection-based techniques have limited success in identifying misuses. We address these challenges and propose ALP (Actively Learned Patterns), reformulating API misuse detection as a classification problem. After representing programs as graphs, ALP mines discriminative subgraphs. While…