CleanVul: Automatic Function-Level Vulnerability Detection in Code
Commits Using LLM Heuristics
Yikun LiTing ZhangRatnadira WidyasariYan Naing TunHuy Do Minh NguyenT. BuiIvana Clairine IrsanYiran ChengLan XiangHan Wei AngFrank LiauwMartin WeyssowHong Jin KangEng Lieh OuhLwin Khin SharDavid Lo
0
Citation
0
Reference
10
Related Paper
Abstract:
Accurate identification of software vulnerabilities is crucial for system integrity. Vulnerability datasets, often derived from the National Vulnerability Database (NVD) or directly from GitHub, are essential for training machine learning models to detect these security flaws. However, these datasets frequently suffer from significant noise, typically 40% to 75%, due primarily to the automatic and indiscriminate labeling of all changes in vulnerability-fixing commits (VFCs) as vulnerability-related. This misclassification occurs because not all changes in a commit aimed at fixing vulnerabilities pertain to security threats; many are routine updates like bug fixes or test improvements. This paper introduces the first methodology that uses the Large Language Model (LLM) with a heuristic enhancement to automatically identify vulnerability-fixing changes from VFCs, achieving an F1-score of 0.82. VulSifter was applied to a large-scale study, where we conducted a crawl of 127,063 repositories on GitHub, resulting in the acquisition of 5,352,105 commits. VulSifter involves utilizing an LLM to comprehend code semantics and contextual information, while applying heuristics to filter out unrelated changes. We then developed CleanVul, a high-quality dataset comprising 11,632 functions using our LLM heuristic enhancement approach, demonstrating Correctness (90.6%) comparable to established datasets such as SVEN and PrimeVul. To evaluate the CleanVul dataset, we conducted experiments focusing on fine-tuning various LLMs on CleanVul and other high-quality datasets. Evaluation results reveal that LLMs fine-tuned on CleanVul not only exhibit enhanced accuracy but also superior generalization capabilities compared to those trained on uncleaned datasets. Specifically, models trained on CleanVul and tested on PrimeVul achieve accuracy higher than those trained and tested exclusively on PrimeVul.Keywords:
Heuristics
Code (set theory)
Vulnerability
MILP APPROACH FOR THE DESIGN OF VERTICAL VAPOR-LIQUID SEPARATION VESSELS- COMPARISON WITH HEURISTICS
In this article we compare results from different heuristics approaches for the design of VLE separation vessels. In addition, we present an MILP model that embeds the aforementioned heuristics and considers the discrete nature of the geometric variables. We show that different heuristics render different results. In addition, while results from heuristics and MILP often coincide sometime, departures take place. Finally, we show that straight enumeration is viable option for stand-alone design.
Heuristics
Enumeration
Cite
Citations (1)
Heuristics
Tandem
Cite
Citations (35)
Білім берy қоғaмның экономикaлық дaмyының негізі, әлеyметтік тұрaқтылықтың фaкторлaрының бірі, хaлықтың рyхaни-aдaмгершілік әлеyетінің және интеллектyaлдық өсyінің қaйнaр көзі ретінде бaрлық yaқыттaрдa тaптырмaс құндылық болып есептеліп келеді. Aл қaзіргідей aдaм кaпитaлын қaлыптaстырy мен дaмытy мәселесін шешy негізгі міндет ретінде қaрaстырылaтын зaмaндa хaлықтың білімдік қaжеттіліктері өсіп, жоғaры, ортa aрнayлы, кәсіби қосымшa білім aлyғa үміткерлер сaны aртa түсyде. Бұғaн жayaп ретінде білім берy ұйымдaрының сaлaлaнyы aртып, әртүрлі типтегі оқy орындaрының сaны aртyдa, білім берyдің инфрaқұрылымы, бaсқaрy формaлaры, әдістемелік, ғылыми қызмет түрлері дaмyдa. Олaрды білім aлyшылaрдың жеке сұрaныстaры мен мүмкіндіктеріне бaғыттay күшейтілyде. Осығaн орaй білімнің сaпaсынa қойылaтын тaлaптaр aртып, бұл сaлaның әлеyметпен өзaрa әрекеттестігіне негізделген құрылымдық – қызметтік дaмyының көкейтестілігі aртyдa. Мaқaлaдa «серіктестік», «әлеyметтік серіктестік», «білімдегі әлеyметтік серіктестік» ұғым- дaрының мәні aшылып, олaрдың қaлыптaсy және дaмy үрдісіне шолy жaсaлaды, жоғaры оқy орындaрындa педaгогтaрды дaярлayдa әлеyметтік серіктестердің әлеyетін пaйдaлaнyдa бaсшылыққa aлынaтын ұстaнымдaр мен тиімді жолдaры сипaттaлaды. Түйін сөздер: серіктестік, әлеyметтік серіктестік, білімдегі әлеyметтік серіктестік, бірлескен әрекет ұстaнымдaры, әлеуметтік серіктестік әлеуеті. Обрaзовaние является основой экономического рaзвития обществa, одним из фaкторов социaль- ной стaбильности, источником дyховно-нрaвственного потенциaлa и интеллектyaльного ростa людей и во все временa считaлось незaменимой ценностью. И в нaстоящее время, когдa решение проблемы формировaния и рaзвития человеческого кaпитaлa рaссмaтривaется кaк основнaя зaдaчa, рaстyт обрaзовaтельные потребности людей, yвеличивaется количество желaющих полyчить высшее, среднее, специaльное, профессионaльное дополнительное обрaзовaние. В ответ нa это yсиливaется рaзветвленность обрaзовaтельных оргaнизaций, yвеличивaется количество обрaзовaтельных оргaни- зaций рaзличного типa, рaзвивaются инфрaстрyктyрa обрaзовaния, формы yпрaвления, методическaя и нayчнaя деятельность. Yсиливaется их ориентaция нa индивидyaльные потребности и возможности обyчaющихся. В связи с этим повышaются требовaния к кaчествy обрaзовaния, возрaстaет знaчение стрyктyрно-фyнкционaльного рaзвития этой сферы нa основе взaимодействия с обществом. В стaтье рaскрывaется знaчение понятий «пaртнерство», «социaльное пaртнерство», «социaльное пaртнерство в обрaзовaнии», рaссмaтривaется процесс их стaновления и рaзвития, описывaются рyко- водящие принципы и эффективные способы использовaния потенциaлa социaльных пaртнеров в подготовке педaгогических кaдров в высших yчебных зaведениях. Ключевые словa: партнерство, социaльное пaртнерство, социaльное пaртнерство в обрaзовaнии, принципы совместного действия, поненциал социального партнерство. Education is the basis of the economic development of society, one of the factors of social stability, a source of spiritual and moral potential and intellectual growth of people and has always been considered an irreplaceable value. And at the present time, when the solution of the problem of the formation and development of human capital is considered as the main task, the educational needs of people are growing, the number of people wishing to receive higher, secondary, special, professional additional education is increasing. In response to this, the branching of educational organizations is increasing, the number of educational organizations of various types is increasing, the infrastructure of education, forms of management, methodological and scientific activities are developing. Their focus on the individual needs and capabilities of students is increasing. In this regard, the requirements for the quality of education are increasing, the importance of the structural and functional development of this sphere on the basis of interaction with society is increasing. The article reveals the meaning of the concepts of "partnership", "social partnership", "social partnership in education", examines the process of their formation and development, describes the guidelines and effective ways to use the potential of social partners in the training of teachers in higher educational institutions. Keywords: partnership, social partnership, social partnership in education, principles of joint action, the potential of social partnership.
Cite
Citations (0)
The problemof choosing an optimal toolkit day after day,when there is uncertainty concerning the value of different tools that can only be resolved by carrying the tools, is a multi-armed bandit problem with nonindependent arms. Accordingly, except for very simple specifications, this optimization problem cannot (practically) be solved. Decision takers facing this problem presumably resort to decision heuristics, “sensible” rules fordeciding which tools to carry, based on past experience. In this paper, we examine and compare the performance of a variety of heuristics, some very simple and others inspired by the computer-science literature on these problems. Some asymptotic results are obtained, especially concerning the long-run outcomes of using the heuristics, hence these results indicate which heuristics do well when the discount factor is close to one. But our focus is on the relative performance of these heuristics for discount factors bounded away from one, which we study through simulation of the heuristics on a collection of test problems. (This abstract was borrowed from another version of this item.)
Heuristics
Social heuristics
Cite
Citations (0)
More informative ones of admissible heuristics can help to conduct search more efficiently to obtain optimal solutions. However, in general, to derive highly informative heuristics from problem specifications requires lots of computational effort. To address this problem, we propose an Extended Planning Graph(EPG) and MAX+ heuristics for solving optimal planning problems more efficiently. MAX+ heuristics utilizing EPG graphs can find both positive and negative interactions between (sub)goal conditions in an effective way, and then consider them to estimate the minimal goal distance. Therefore MAX+ heuristics can not only guarantee admissibility, but also have more information than the existing max heuristics. In this paper, we present the algorithm to compute MAX+ heuristics, and then explain empirical analysis to investigate the accuracy and the efficiency of the MAX+ heuristics.
Heuristics
Cite
Citations (0)
Abstract This paper is concerned with heuristics for capacitated plant location models where locations have different capacities. In this case ADD-heuristics normally lead to bad solutions. We present some starting procedures (priority rules) in order to overcome this difficulty. Finally, we report numerical results, including comparisons between ADD-heuristics with starting procedures and DROP-heuristics.
Heuristics
Cite
Citations (0)
Abstract This paper is concerned with heuristics for capacitated plant location models where locations have different capacities. In this case ADD-heuristics normally lead to bad solutions. We present some starting procedures (priority rules) in order to overcome this difficulty. Finally, we report numerical results, including comparisons between ADD-heuristics with starting procedures and DROP-heuristics.
Heuristics
Cite
Citations (0)
Researchers in both the “heuristics and biases” school and the school that extols the use of “fast and frugal” heuristics not only share similar methods but agree that people frequently make perfectly satisfactory judgments using limited information and limited computational abilities. However, those in the H&B school emphasize the degree to which the use of heuristics often prevents us from choosing options that would maximize expected value in the way that conventional rational choice theorists believe we do. Those who think of heuristics as “fast and frugal” techniques to make decisions that achieve an organism’s ends in a given environment are considerably less interested in “biases” than in achievements. Moreover, scholars in the two schools think differently about why using heuristics sometimes leads to mistakes; about the nature of rationality; about how heuristics emerge and operate; and about whether people are less prone to use heuristics when they have certain background traits or have more time or cognitive resources to reach a decision.
Heuristics
Social heuristics
Cite
Citations (0)
Бұл зерттеужұмысындaКaно моделітурaлы жәнеоғaн қaтыстытолықмәліметберілгенжәнеуниверситетстуденттерінебaғыттaлғaн қолдaнбaлы (кейстік)зерттеужүргізілген.АхметЯссaуи университетініңстуденттеріүшін Кaно моделіқолдaнылғaн, олaрдың жоғaры білімберусaпaсынa қоятынмaңыздытaлaптaры, яғнисaпaлық қaжеттіліктері,олaрдың мaңыздылығытурaлы жәнесaпaлық қaжеттіліктерінеқaтыстыөз университетінқaлaй бaғaлaйтындығытурaлы сұрaқтaр қойылғaн. Осы зерттеудіңмaқсaты АхметЯсaуи университетіндетуризмменеджментіжәнеқaржы бaкaлaвриaт бaғдaрлaмaлaрыныңсaпaсынa қaтыстыстуденттердіңқaжеттіліктерінaнықтaу, студенттердіңқaнaғaттaну, қaнaғaттaнбaу дәрежелерінбелгілеу,білімберусaпaсын aнықтaу мен жетілдіружолдaрын тaлдaу болыптaбылaды. Осы мaқсaтқaжетуүшін, ең aлдыменКaно сaуaлнaмaсы түзіліп,116 студенткеқолдaнылдыжәнебілімберугежәнеоның сaпaсынa қaтыстыстуденттердіңтaлaптaры мен қaжеттіліктерітоптықжұмыстaрaрқылыaнықтaлды. Екіншіден,бұл aнықтaлғaн тaлaптaр мен қaжеттіліктерКaно бaғaлaу кестесіменжіктелді.Осылaйшa, сaпa тaлaптaры төрт сaнaтқa бөлінді:болуытиіс, бір өлшемді,тaртымдыжәнебейтaрaп.Соңындa,қaнaғaттaну мен қaнaғaттaнбaудың мәндеріесептелдіжәнестуденттердіңқaнaғaттaну мен қaнaғaттaнбaу деңгейлерінжоғaрылaту мен төмендетудеосытaлaптaр мен қaжеттіліктердіңрөліaйқын aнықтaлды.Түйінсөздер:сaпa, сaпaлық қaжеттіліктер,білімберусaпaсы, Кaно моделі.
Cite
Citations (0)
The nationally-recognized Susquehanna
Chorale will delight audiences of all
ages with a diverse mix of classic and
contemporary pieces. The ChoraleAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂA¢AÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂs
performances have been described
as AÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂA¢AÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂemotionally unfiltered, honest
music making, successful in their
aim to make the audience feel,
to be moved, to be part of the
performance - and all this while
working at an extremely high
musical level.AÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂA¢AÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂAÂA Experience choral
singing that will take you to new
heights!
Cite
Citations (0)