CRepair: CVAE-based Automatic Vulnerability Repair Technology

TL;DR

CRepair is a novel CVAE-based system that improves automatic vulnerability repair by incorporating diverse vulnerability features and causal inference, achieving a 52% repair success rate and advancing AI-driven security solutions.

Contribution

The paper introduces CRepair, a CVAE-based approach that effectively models vulnerability features and guides repair, addressing limitations of previous methods in localization and diversity handling.

Findings

Achieves a 52% perfect repair rate.

Outperforms existing benchmark models.

Validates effectiveness through multiple evaluation perspectives.

Abstract

Software vulnerabilities are flaws in computer software systems that pose significant threats to the integrity, security, and reliability of modern software and its application data. These vulnerabilities can lead to substantial economic losses across various industries. Manual vulnerability repair is not only time-consuming but also prone to errors. To address the challenges of vulnerability repair, researchers have proposed various solutions, with learning-based automatic vulnerability repair techniques gaining widespread attention. However, existing methods often focus on learning more vulnerability data to improve repair outcomes, while neglecting the diverse characteristics of vulnerable code, and suffer from imprecise vulnerability localization.To address these shortcomings, this paper proposes CRepair, a CVAE-based automatic vulnerability repair technology aimed at fixing security vulnerabilities in system code. We first preprocess the vulnerability data using a prompt-based method to serve as input to the model. Then, we apply causal inference techniques to map the vulnerability feature data to probability distributions. By employing multi-sample feature fusion, we capture diverse vulnerability feature information. Finally, conditional control is used to guide the model in repairing the vulnerabilities.Experimental results demonstrate that the proposed method significantly outperforms other benchmark models, achieving a perfect repair rate of 52%. The effectiveness of the approach is validated from multiple perspectives, advancing AI-driven code vulnerability repair and showing promising applications.