VulWeitor: a system for clone vulnerability detection using weighted code
摘要
Detecting and locating clone vulnerabilities in source code is essential for software maintenance and evolution. Although researchers have proposed many methods and tools for clone vulnerability detection, traditional methods fail to consider the sensitivity of code statements to vulnerabilities and do not adequately characterize the vulnerability features. As a result, the accuracy of the detection results is low, and the detection outcomes do not provide any guidance for remediation efforts. In this paper, we propose VulWeitor, a novel vulnerable code clone detection system that employs weighted code to detect clone vulnerabilities in source code. By performing program slicing on vulnerable and patched functions, VulWeitor generates the weight value of each code statement, along with vulnerability and patch feature information, thereby precisely characterizing the vulnerability features. We develop a CVE-oriented analysis method that generates a severity index for each detection result, facilitating developer verification, especially in scenarios with multiple functions. Experimental results demonstrate the effectiveness of our approach in detecting vulnerable code clones, with a precision of 92% and a recall of 87%, outperforming state-of-the-art comparative systems.