VinJ: An Automated Tool for Large-Scale Software Vulnerability Data Generation
We present VinJ, an efficient automated tool for large-scale diverse vulnerability data generation. VinJ automatically generates vulnerability data by injecting vulnerabilities into given programs, based on knowledge learned from the existing vulnerability data. VinJ is built on the collaboration of pattern-based and deep learning (DL)-based approaches. More importantly, VinJ is efficient and scalable with the parallel clustering and the pre-ranked vulnerability-injection patterns, which supports large-scale vulnerability data generation. VinJ is able to generate diverse vulnerability data covering 18 CWEs with 69% success rate and generate 686k vulnerability samples in 74 hours (i.e., 0.4 seconds per sample), indicating it is efficient. The gen- erated data is able to improve existing DL-based vulnerability detection, localization, and repair models significantly. The demo video of VinJ can be found at https://youtu.be/-oKoUqBbxD4. The tool website can be found at https://github.com/NewGillig/VInj. We also release the generated large-scale vulnerability dataset, which can be found at https://zenodo.org/records/10574446.
Thu 18 JulDisplayed time zone: Brasilia, Distrito Federal, Brazil change
16:00 - 18:00 | FuzzingDemonstrations / Journal First / Ideas, Visions and Reflections / Research Papers / Industry Papers at Sapoti Chair(s): Maxime Lamothe Polytechnique Montreal, Montreal, Canada | ||
16:00 18mTalk | Dodrio: Parallelizing Taint Analysis Based Fuzzing via Redundancy-Free Scheduling Industry Papers Jie Liang , Mingzhe Wang Tsinghua University, Chijin Zhou Tsinghua University, Zhiyong Wu Tsinghua University, China, Jianzhong Liu ShanghaiTech University, Yu Jiang Tsinghua University | ||
16:18 18mTalk | Evolutionary Generative Fuzzing for Differential Testing of the Kotlin Compiler Industry Papers Călin Georgescu Delft University of Technology, Mitchell Olsthoorn Delft University of Technology, Pouria Derakhshanfar JetBrains Research, Marat Akhin JetBrains Research, Annibale Panichella Delft University of Technology | ||
16:36 18mTalk | Evaluating Directed Fuzzers: Are We Heading in the Right Direction? Research Papers Tae Eun Kim KAIST, Jaeseung Choi Sogang University, Seongjae Im KAIST, Kihong Heo KAIST, Sang Kil Cha KAIST Pre-print Media Attached | ||
16:54 9mTalk | When Fuzzing Meets LLMs: Challenges and Opportunities Ideas, Visions and Reflections Yu Jiang Tsinghua University, Jie Liang , Fuchen Ma Tsinghua University, Yuanliang Chen Tsinghua University, Chijin Zhou Tsinghua University, Yuheng Shen Tsinghua University, Zhiyong Wu Tsinghua University, China, Jingzhou Fu Tsinghua University, Mingzhe Wang Tsinghua University, Shanshan Li National University of Defense Technology, Quan Zhang Tsinghua University Pre-print | ||
17:03 9mTalk | Look Ma, No Input Samples! Mining Input Grammars from Code with Symbolic Parsing Ideas, Visions and Reflections Leon Bettscheider CISPA Helmholtz Center for Information Security, Andreas Zeller CISPA Helmholtz Center for Information Security Link to publication DOI | ||
17:12 9mTalk | VinJ: An Automated Tool for Large-Scale Software Vulnerability Data Generation Demonstrations Yu Nong Washington State University, Haoran Yang Washington State University, Feng Chen University of Texas at Dallas, Haipeng Cai Washington State University DOI Pre-print Media Attached | ||
17:30 18mTalk | The Human Side of Fuzzing: Challenges Faced by Developers During Fuzzing Activities Journal First Olivier Nourry Kyushu University, Yutaro Kashiwa Nara Institute of Science and Technology, Bin Lin Radboud University, Gabriele Bavota Software Institute @ Università della Svizzera Italiana, Michele Lanza Software Institute - USI, Lugano, Yasutaka Kamei Kyushu University | ||