Loading [a11y]/accessibility-menu.js
A Vulnerability Propagation Impact Analysis Approach Based on Code Semantics with LLM | IEEE Conference Publication | IEEE Xplore

A Vulnerability Propagation Impact Analysis Approach Based on Code Semantics with LLM


Abstract:

Vulnerability propagation in software systems is always one of the most important problems in software reliability analysis. Previous methods primarily relied on the call...Show More

Abstract:

Vulnerability propagation in software systems is always one of the most important problems in software reliability analysis. Previous methods primarily relied on the calling relationships between functions, which failed to accurately capture the vulnerability propagation process, resulting in a high false positive rate. To resolve this issue, this paper proposes a vulnerability propagation impact analysis method based on code semantics, aimed at providing a fine-grained analysis. Specifically, the research designs a prompt template for generating prompt for each function in the vulnerability propagation chain, enabling the extraction of intra-function constraint information through a Large Language Model (LLM). Additionally, the study proposes a constraint combination method based on inter-function data transfer relationships, which is used to aggregate the complete constraint information within the vulnerability propagation chain. Finally, the research incorporates a vulnerability trigger determination method based on Satisfiability Modulo Theory (SMT) and a vulnerability trigger probability estimation method based on Monte Carlo simulation. The result of case study demonstrates the effectiveness of the proposed method.
Date of Conference: 02-03 November 2024
Date Added to IEEE Xplore: 01 January 2025
ISBN Information:

ISSN Information:

Conference Location: Taicang, Suzhou, China

References

References is not available for this document.