Draper VDisc Dataset

每年都会发现越来越多的软件漏洞，无论是公开报告的还是内部在专有代码中发现的。这些漏洞可能造成严重的利用风险，并导致系统受损、信息泄露或拒绝服务。我们利用大量可用的 C 和 C++ 开源代码来开发使用机器学习的大规模函数级漏洞检测系统。为了补充现有的标记漏洞数据集，我们编译了一个包含数百万个开源函数的庞大数据集，并使用从三个不同的静态分析器中精心挑选的发现潜在漏洞的结果进行标记。标记的数据集位于：https://osf.io/d45bw/。使用这些数据集，我们开发了一种基于深度特征表示学习的快速且可扩展的漏洞检测工具，该工具可以直接解释 lexed 源代码。我们在来自真实软件包和 NIST SAT IV 基准数据集的代码上评估了我们的工具。我们的结果表明，对源代码进行深度特征表示学习是一种很有前途的自动化软件漏洞检测方法。

An increasing number of software vulnerabilities, whether publicly reported or internally discovered in proprietary code, are identified each year. These vulnerabilities pose severe exploitation risks, potentially leading to system compromise, information leakage, or denial of service. We leverage a large corpus of publicly available C and C++ open-source code to develop a large-scale, machine learning-powered function-level vulnerability detection system. To supplement existing labeled vulnerability datasets, we compiled a massive dataset containing millions of open-source functions, and annotated it with results from three distinct static analyzers that were carefully selected to identify potential vulnerabilities. The annotated dataset is available at: https://osf.io/d45bw/. Using this dataset, we developed a fast and scalable vulnerability detection tool based on deep feature representation learning, which can directly interpret lexed source code. We evaluated our tool on code from real-world software packages and the NIST SAT IV benchmark dataset. Our results demonstrate that deep feature representation learning for source code is a promising approach for automated software vulnerability detection.