Vulnerability Detection via Multimodal Learning: Datasets and Analysis

Abstract

A vulnerability is a weakness that can be exploited by an attacker, e.g., performing unauthorized actions within a computer system. For example, privilege escalation is a type of vulnerability in software, which can be used to gain elevated access to resources that are normally protected from an application or user. However, most applications contain vulnerabilities, some are fixed over time by patches, but many are discovered only after exploitation, which results in steep costs. Furthermore, program analysis tools are generally quite difficult to use. Security analysts still do manual investigation on software, i.e., using static analysis tools on machine code or source code to find bugs. Multimodal learning has been widely used in image processing, but is rarely seen in software security. We introduce a new dataset for multimodal deep learning, MVDSC-C (Multisource for Vulnerability Detection in Source Code - C/C++). Our preliminary results show that combined modalities perform better than single modalities.