Automated and Controlled Patch Generation for Enhanced Fixing of Communication Software Vulnerabilities

Shuo Feng; Shuai Yuan; Zhitao Guan; Xiaojiang Du

doi:10.23919/ICN.2024.0016

Automated and Controlled Patch Generation for Enhanced Fixing of Communication Software Vulnerabilities

Shuo Feng
, Shuai Yuan
, Zhitao Guan
, Xiaojiang Du

Department of Electrical and Computer Engineering

Research output: Contribution to journal › Article › peer-review

1 Scopus citations

Abstract

Software is a crucial component in the communication systems, and its security is of paramount importance. However, it is susceptible to different types of attacks due to potential vulnerabilities. Meanwhile, significant time and effort is required to fix such vulnerabilities. We propose an automated program repair method based on controlled text generation techniques. Specifically, we utilize a fine-tuned language model for patch generation and introduce a discriminator to evaluate the generation process, selecting results that contribute most to vulnerability fixes. Additionally, we perform static syntax analysis to expedite the patch verification process. The effectiveness of the proposed approach is validated using QuixBugs and Defects4J datasets, demonstrating significant improvements in generating correct patches compared to other existing methods.

Original language	English
Pages (from-to)	222-236
Number of pages	15
Journal	Intelligent and Converged Networks
Volume	5
Issue number	3
DOIs	https://doi.org/10.23919/ICN.2024.0016
State	Published - 2024

Keywords

automatic program repair
communication software security
controlled text generation
program language model

Access to Document

10.23919/ICN.2024.0016

Cite this

@article{5b3a419ce3a9455486d1286904bb9169,

title = "Automated and Controlled Patch Generation for Enhanced Fixing of Communication Software Vulnerabilities",

abstract = "Software is a crucial component in the communication systems, and its security is of paramount importance. However, it is susceptible to different types of attacks due to potential vulnerabilities. Meanwhile, significant time and effort is required to fix such vulnerabilities. We propose an automated program repair method based on controlled text generation techniques. Specifically, we utilize a fine-tuned language model for patch generation and introduce a discriminator to evaluate the generation process, selecting results that contribute most to vulnerability fixes. Additionally, we perform static syntax analysis to expedite the patch verification process. The effectiveness of the proposed approach is validated using QuixBugs and Defects4J datasets, demonstrating significant improvements in generating correct patches compared to other existing methods.",

keywords = "automatic program repair, communication software security, controlled text generation, program language model",

author = "Shuo Feng and Shuai Yuan and Zhitao Guan and Xiaojiang Du",

note = "Publisher Copyright: {\textcopyright} 2020 Tsinghua University Press.",

year = "2024",

doi = "10.23919/ICN.2024.0016",

language = "English",

volume = "5",

pages = "222--236",

number = "3",

}

TY - JOUR

T1 - Automated and Controlled Patch Generation for Enhanced Fixing of Communication Software Vulnerabilities

AU - Feng, Shuo

AU - Yuan, Shuai

AU - Guan, Zhitao

AU - Du, Xiaojiang

PY - 2024

Y1 - 2024

N2 - Software is a crucial component in the communication systems, and its security is of paramount importance. However, it is susceptible to different types of attacks due to potential vulnerabilities. Meanwhile, significant time and effort is required to fix such vulnerabilities. We propose an automated program repair method based on controlled text generation techniques. Specifically, we utilize a fine-tuned language model for patch generation and introduce a discriminator to evaluate the generation process, selecting results that contribute most to vulnerability fixes. Additionally, we perform static syntax analysis to expedite the patch verification process. The effectiveness of the proposed approach is validated using QuixBugs and Defects4J datasets, demonstrating significant improvements in generating correct patches compared to other existing methods.

AB - Software is a crucial component in the communication systems, and its security is of paramount importance. However, it is susceptible to different types of attacks due to potential vulnerabilities. Meanwhile, significant time and effort is required to fix such vulnerabilities. We propose an automated program repair method based on controlled text generation techniques. Specifically, we utilize a fine-tuned language model for patch generation and introduce a discriminator to evaluate the generation process, selecting results that contribute most to vulnerability fixes. Additionally, we perform static syntax analysis to expedite the patch verification process. The effectiveness of the proposed approach is validated using QuixBugs and Defects4J datasets, demonstrating significant improvements in generating correct patches compared to other existing methods.

KW - automatic program repair

KW - communication software security

KW - controlled text generation

KW - program language model

UR - https://www.scopus.com/pages/publications/85207101627

UR - https://www.scopus.com/pages/publications/85207101627#tab=citedBy

U2 - 10.23919/ICN.2024.0016

DO - 10.23919/ICN.2024.0016

M3 - Article

AN - SCOPUS:85207101627

VL - 5

SP - 222

EP - 236

JO - Intelligent and Converged Networks

JF - Intelligent and Converged Networks

IS - 3

ER -

Automated and Controlled Patch Generation for Enhanced Fixing of Communication Software Vulnerabilities

Abstract

Keywords

Access to Document

Other files and links

Fingerprint

Cite this