Code similarity is one promising approach to detect vulnerabilities hidden in software programs. However, due to the complexity and diversity of source code, current methods suffer low accuracy, high false negative and poor performance, especially in analyzing a large program. In this paper, we propose to tackle these problems by presenting VulDetector, a static-analysis tool to detect C/C++ vulnerabilities based on graph comparison at the granularity of function. At the key of VulDetector is a weighted feature graph (WFG) model which characterizes function with a small yet semantically rich graph. It first pinpoints vulnerability-sensitive keywords to slice the control flow graph of a function, thereby reducing the graph size without compromising security-related semantics. Then, each sliced subgraph is characterized using WFG, which provides both syntactic and semantic features in varying degrees of security. As for graph comparison, we take full usage of vulnerability graph and patch graph to improve accuracy. In addition, we propose two optimization methods based on analysis of vulnerabilities. We have implemented VulDetector to automatically detect vulnerabilities in software programs with known vulnerabilities. The experimental results prove the effectiveness and efficiency of VulDetector.

中文翻译：

---

VulDetector：使用加权特征图比较检测漏洞

代码相似性是一种检测软件程序中隐藏的漏洞的有前途的方法。但是，由于源代码的复杂性和多样性，当前的方法尤其是在分析大型程序时，精度低，假阴性高，性能差。在本文中，我们建议通过展示VulDetector来解决这些问题，VulDetector是一种静态分析工具，用于基于函数粒度的图比较来检测C / C ++漏洞。VulDetector的关键是加权特征图（WFG）模型，该模型使用小的但语义丰富的图来表征功能。它首先精确定位对漏洞敏感的关键字，以对函数的控制流图进行切片，从而在不影响安全性相关语义的情况下减小图的大小。然后，使用WFG对每个切片的子图进行特征化，它以不同程度的安全性提供语法和语义功能。至于图比较，我们充分利用了漏洞图和补丁图来提高准确性。此外，我们基于漏洞分析提出了两种优化方法。我们已实现VulDetector，以自动检测具有已知漏洞的软件程序中的漏洞。实验结果证明了VulDetector的有效性和效率。