VinJ: An Automated Tool for Large-Scale Software Vulnerability Data Generation

Yu Nong; Haoran Yang; Feng Chen; Haipeng Cai

doi:10.1145/3663529.3663800

VinJ: An Automated Tool for Large-Scale Software Vulnerability Data Generation

Yu Nong
, Haoran Yang
, Feng Chen
, Haipeng Cai

Department of Computer Science and Engineering

Washington State University Pullman
University of Texas at Dallas

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

1 Scopus citations

Abstract

We present VinJ, an efficient automated tool for large-scale diverse vulnerability data generation. VinJ automatically generates vulnerability data by injecting vulnerabilities into given programs, based on knowledge learned from existing vulnerability data. VinJ is able to generate diverse vulnerability data covering 18 CWEs with 69% success rate and generate 686k vulnerability samples in 74 hours (i.e., 0.4 seconds per sample), indicating it is efficient. The generated data is able to improve existing DL-based vulnerability detection, localization, and repair models significantly. The demo video of VinJ can be found at https://youtu.be/-oKoUqBbxD4. The tool website can be found at https://github.com/NewGillig/VInj. We also release the generated large-scale vulnerability dataset, which can be found at https://zenodo.org/records/10574446.

Original language	English
Title of host publication	FSE Companion - Companion Proceedings of the 32nd ACM International Conference on the Foundations of Software Engineering
Editors	Marcelo d�Amorim
Publisher	Association for Computing Machinery, Inc
Pages	567-571
Number of pages	5
ISBN (Electronic)	9798400706585
DOIs	https://doi.org/10.1145/3663529.3663800
State	Published - Jul 10 2024
Event	32nd ACM International Conference on the Foundations of Software Engineering, FSE Companion - Porto de Galinhas, Brazil Duration: Jul 15 2024 → Jul 19 2024

Publication series

Name	FSE Companion - Companion Proceedings of the 32nd ACM International Conference on the Foundations of Software Engineering

Conference

Conference	32nd ACM International Conference on the Foundations of Software Engineering, FSE Companion
Country/Territory	Brazil
City	Porto de Galinhas
Period	07/15/24 → 07/19/24

Keywords

Vulnerability analysis
data augmentation
deep learning

Access to Document

10.1145/3663529.3663800

Cite this

Nong, Y., Yang, H., Chen, F., & Cai, H. (2024). VinJ: An Automated Tool for Large-Scale Software Vulnerability Data Generation. In M. d�Amorim (Ed.), FSE Companion - Companion Proceedings of the 32nd ACM International Conference on the Foundations of Software Engineering (pp. 567-571). (FSE Companion - Companion Proceedings of the 32nd ACM International Conference on the Foundations of Software Engineering). Association for Computing Machinery, Inc. https://doi.org/10.1145/3663529.3663800

Nong, Yu ; Yang, Haoran ; Chen, Feng et al. / VinJ : An Automated Tool for Large-Scale Software Vulnerability Data Generation. FSE Companion - Companion Proceedings of the 32nd ACM International Conference on the Foundations of Software Engineering. editor / Marcelo d�Amorim. Association for Computing Machinery, Inc, 2024. pp. 567-571 (FSE Companion - Companion Proceedings of the 32nd ACM International Conference on the Foundations of Software Engineering).

@inproceedings{58698e615f784633945d9acf605f0735,

title = "VinJ: An Automated Tool for Large-Scale Software Vulnerability Data Generation",

abstract = "We present VinJ, an efficient automated tool for large-scale diverse vulnerability data generation. VinJ automatically generates vulnerability data by injecting vulnerabilities into given programs, based on knowledge learned from existing vulnerability data. VinJ is able to generate diverse vulnerability data covering 18 CWEs with 69\% success rate and generate 686k vulnerability samples in 74 hours (i.e., 0.4 seconds per sample), indicating it is efficient. The generated data is able to improve existing DL-based vulnerability detection, localization, and repair models significantly. The demo video of VinJ can be found at https://youtu.be/-oKoUqBbxD4. The tool website can be found at https://github.com/NewGillig/VInj. We also release the generated large-scale vulnerability dataset, which can be found at https://zenodo.org/records/10574446.",

keywords = "Vulnerability analysis, data augmentation, deep learning",

author = "Yu Nong and Haoran Yang and Feng Chen and Haipeng Cai",

note = "Publisher Copyright: {\textcopyright} 2024 Copyright held by the owner/author(s).; 32nd ACM International Conference on the Foundations of Software Engineering, FSE Companion ; Conference date: 15-07-2024 Through 19-07-2024",

year = "2024",

month = jul,

day = "10",

doi = "10.1145/3663529.3663800",

language = "English",

series = "FSE Companion - Companion Proceedings of the 32nd ACM International Conference on the Foundations of Software Engineering",

publisher = "Association for Computing Machinery, Inc",

pages = "567--571",

editor = "Marcelo d�Amorim",

booktitle = "FSE Companion - Companion Proceedings of the 32nd ACM International Conference on the Foundations of Software Engineering",

}

Nong, Y, Yang, H, Chen, F & Cai, H 2024, VinJ: An Automated Tool for Large-Scale Software Vulnerability Data Generation. in M d�Amorim (ed.), FSE Companion - Companion Proceedings of the 32nd ACM International Conference on the Foundations of Software Engineering. FSE Companion - Companion Proceedings of the 32nd ACM International Conference on the Foundations of Software Engineering, Association for Computing Machinery, Inc, pp. 567-571, 32nd ACM International Conference on the Foundations of Software Engineering, FSE Companion, Porto de Galinhas, Brazil, 07/15/24. https://doi.org/10.1145/3663529.3663800

VinJ: An Automated Tool for Large-Scale Software Vulnerability Data Generation. / Nong, Yu; Yang, Haoran; Chen, Feng et al.
FSE Companion - Companion Proceedings of the 32nd ACM International Conference on the Foundations of Software Engineering. ed. / Marcelo d�Amorim. Association for Computing Machinery, Inc, 2024. p. 567-571 (FSE Companion - Companion Proceedings of the 32nd ACM International Conference on the Foundations of Software Engineering).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - VinJ

T2 - 32nd ACM International Conference on the Foundations of Software Engineering, FSE Companion

AU - Nong, Yu

AU - Yang, Haoran

AU - Chen, Feng

AU - Cai, Haipeng

PY - 2024/7/10

Y1 - 2024/7/10

N2 - We present VinJ, an efficient automated tool for large-scale diverse vulnerability data generation. VinJ automatically generates vulnerability data by injecting vulnerabilities into given programs, based on knowledge learned from existing vulnerability data. VinJ is able to generate diverse vulnerability data covering 18 CWEs with 69% success rate and generate 686k vulnerability samples in 74 hours (i.e., 0.4 seconds per sample), indicating it is efficient. The generated data is able to improve existing DL-based vulnerability detection, localization, and repair models significantly. The demo video of VinJ can be found at https://youtu.be/-oKoUqBbxD4. The tool website can be found at https://github.com/NewGillig/VInj. We also release the generated large-scale vulnerability dataset, which can be found at https://zenodo.org/records/10574446.

AB - We present VinJ, an efficient automated tool for large-scale diverse vulnerability data generation. VinJ automatically generates vulnerability data by injecting vulnerabilities into given programs, based on knowledge learned from existing vulnerability data. VinJ is able to generate diverse vulnerability data covering 18 CWEs with 69% success rate and generate 686k vulnerability samples in 74 hours (i.e., 0.4 seconds per sample), indicating it is efficient. The generated data is able to improve existing DL-based vulnerability detection, localization, and repair models significantly. The demo video of VinJ can be found at https://youtu.be/-oKoUqBbxD4. The tool website can be found at https://github.com/NewGillig/VInj. We also release the generated large-scale vulnerability dataset, which can be found at https://zenodo.org/records/10574446.

KW - Vulnerability analysis

KW - data augmentation

KW - deep learning

UR - https://www.scopus.com/pages/publications/85199066206

U2 - 10.1145/3663529.3663800

DO - 10.1145/3663529.3663800

M3 - Conference contribution

AN - SCOPUS:85199066206

T3 - FSE Companion - Companion Proceedings of the 32nd ACM International Conference on the Foundations of Software Engineering

SP - 567

EP - 571

BT - FSE Companion - Companion Proceedings of the 32nd ACM International Conference on the Foundations of Software Engineering

A2 - d�Amorim, Marcelo

PB - Association for Computing Machinery, Inc

Y2 - 15 July 2024 through 19 July 2024

ER -

Nong Y, Yang H, Chen F, Cai H. VinJ: An Automated Tool for Large-Scale Software Vulnerability Data Generation. In d�Amorim M, editor, FSE Companion - Companion Proceedings of the 32nd ACM International Conference on the Foundations of Software Engineering. Association for Computing Machinery, Inc. 2024. p. 567-571. (FSE Companion - Companion Proceedings of the 32nd ACM International Conference on the Foundations of Software Engineering). doi: 10.1145/3663529.3663800

VinJ: An Automated Tool for Large-Scale Software Vulnerability Data Generation

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this