Vulnerability Positioner (VulP): enhancing code vulnerability localization with CodeBERT
摘要
The localization of software vulnerabilities is a critical yet underexplored problem, as evidenced by the increasing need to pinpoint specific vulnerable code lines in complex software systems. This challenge necessitates machine learning methods tailored for vulnerability localization. To address this gap, we propose a novel systematic framework for fine-grained vulnerability localization in source code, named Vulnerability Positioner(VulP). The framework integrates syntax, semantics, and vulnerability context information by employing slicing techniques and a fusion layer that highlights vulnerable code regions. Firstly, slice source code based on syntax rules, generating corresponding program slices and intermediate code. Further refine these program slices by slicing the intermediate representation of code. Then, a CodeBERT-based model is designed, incorporating a fusion layer, K-max pooling layer, and average pooling layer. Validation experiments demonstrate that the proposed method surpasses existing approaches in both detection performance and localization precision, confirming the effectiveness of VulP. Additionally, the ablation experiments validate that the additional layers markedly enhance the performance of VulP.