Vulnerability detection using machine learning is a hot topic in improving software security. However, existing works formulate detection as a classification problem, which requires a large set of labelled data while capturing semantical and syntactic similarity. In this work, we argue that similarity in the view of vulnerability is the key in detecting vulnerabilities. We prepare a relatively smaller data set composed of both vulnerabilities and associated patches, and attempt to realize security similarity from (i) the similarity between pair of vulnerabilities and (ii) the difference between a pair of vulnerability and patch. To achieve this, we setup the detection model using the Siamese network cooperated with BiLSTM and Attention to deal with source code, Attention network to improve the detection accuracy. On a data set of 876 vulnerabilities and patches of OpenSSL and Linux, the proposed model (VDSimilar) achieves about 97.17% in AUC value of OpenSSL (where the Attention network contributes 1.21% than BiLSTM in Siamese), which is more outstanding than the most advanced methods based on deep learning.

使用机器学习进行漏洞检测是提高软件安全性的热门话题。然而，现有的工作将检测表述为分类问题，这需要大量标记数据，同时捕获语义和句法相似性。在这项工作中，我们认为漏洞观点的相似性是检测漏洞的关键。我们准备了一个由漏洞和相关补丁组成的相对较小的数据集，并尝试从（i）漏洞对之间的相似性和（ii）漏洞对和补丁之间的差异来实现安全相似性。为此，我们使用 Siamese 网络与 BiLSTM 和 Attention 合作来设置检测模型来处理源代码，Attention 网络以提高检测精度。