AI Chat Paper
Note: Please note that the following content is generated by AMiner AI. SciOpen does not take any responsibility related to this content.
{{lang === 'zh_CN' ? '文章概述' : 'Summary'}}
{{lang === 'en_US' ? '中' : 'Eng'}}
Chat more with AI
Powered by AMiner. Clicking this button will take you away from SciOpen.
Home Intelligent and Converged Networks Article
PDF (5 MB)
Cite
EndNote(RIS) BibTeX
Collect
Submit Manuscript AI Chat Paper
Show Outline
Outline
Show full outline
Hide outline
Outline
Show full outline
Hide outline
Open Access

Automated and controlled patch generation for enhanced fixing of communication software vulnerabilities

School of Control and Computer Engineering, North China Electric Power University, Beijing 100029, China
Department of Finance, Operations, and Information Systems, Brock University, St. Catharines L2S3A1, Canada
Department of Electrical and Computer Engineering, Stevens Institute of Technology, Hoboken, NJ 07030, USA
Show Author Information

Abstract

Software is a crucial component in the communication systems, and its security is of paramount importance. However, it is susceptible to different types of attacks due to potential vulnerabilities. Meanwhile, significant time and effort is required to fix such vulnerabilities. We propose an automated program repair method based on controlled text generation techniques. Specifically, we utilize a fine-tuned language model for patch generation and introduce a discriminator to evaluate the generation process, selecting results that contribute most to vulnerability fixes. Additionally, we perform static syntax analysis to expedite the patch verification process. The effectiveness of the proposed approach is validated using QuixBugs and Defects4J datasets, demonstrating significant improvements in generating correct patches compared to other existing methods.

Keywords

automatic program repaircontrolled text generationcommunication software securityprogram language model

References

[1]

Y. Xiao, H. H. Chen, X. Du, and M. Guizani, Stream-based cipher feedback mode in wireless error channel, IEEE Trans. Wirel. Commun., vol. 8, no. 2, pp. 622–626, 2009.
Crossref Google Scholar
[2]

M. T. Baldassarre, V. S. Barletta, D. Caivano, and M. Scalera, Integrating security and privacy in software development, Softw. Qual. J., vol. 28, no. 3, pp. 987–1018, 2020.
Crossref Google Scholar
[3]
J. Brown and X. Du, Detection of selective forwarding attacks in heterogeneous sensor networks, in Proc. IEEE Int. Conf. Communications, Beijing, China, 2008, pp. 1583–1587.
Crossref
[4]

J. Xu, M. Li, Z. He, and T. Anwlnkom, Security and privacy protection communication protocol for Internet of vehicles in smart cities, Comput. Electr. Eng., vol. 109, p. 108778, 2023.
Crossref Google Scholar
[5]
X. Du, M. Guizani, Y. Xiao, and H. H. Chen, Defending DoS attacks on broadcast authentication in wireless sensor networks, in Proc. IEEE Int. Conf. Communications, Beijing, China, 2008, pp. 1653–1657.
Crossref
[6]

A. Romdhana, A. Merlo, M. Ceccato, and P. Tonella, Assessing the security of inter-app communications in android through reinforcement learning, Comput. Secur., vol. 131, p. 103311, 2023.
Crossref Google Scholar
[7]

Y. Xiao, Q. Du, W. Cheng, and N. Lu, Secure communication guarantees for diverse extended-reality applications: A unified statistical security model, IEEE J. Sel. Top. Signal Process., vol. 17, no. 5, pp. 1007–1021, 2023.
Crossref Google Scholar
[8]
BuTian Vulnerability Response Platform, 2022 Annual analysis report of patching vulnerability response platform, https://www.qianxin.com/threat/reportdetail?report_id=289, 2023.
[9]

Z. Shen and S. Chen, A survey of automatic software vulnerability detection, program repair, and defect prediction techniques, Secur. Commun. Netw., vol. 2020, no. 1, p. 8858010, 2020.
Crossref Google Scholar
[10]
S. Mechtaev, M. D. Nguyen, Y. Noller, L. Grunske, and A. Roychoudhury, Semantic program repair using a reference implementation, in Proc. 40th Int. Conf. Software Engineering, Gothenburg, Sweden, 2018, pp. 129–139.
Crossref
[11]
M. Kim, Y. Kim, J. Heo, H. Jeong, S. Kim, and E. Lee, Impact of defect instances for successful deep learning-based automatic program repair, in Proc. IEEE Int. Conf. Software Maintenance and Evolution (ICSME), Limassol, Cyprus, 2022, pp. 419–423.
Crossref
[12]
W. Ye, J. Xia, S. Feng, X. Zhong, S. Yuan, and Z. Guan, FixGPT: A novel three-tier deep learning model for automated program repair, in Proc. 8th Int. Conf. Data Science in Cyberspace (DSC), Hefei, China, 2023, pp. 499–505.
Crossref
[13]
A. Radford and K. Narasimhan, Improving language understanding by generative pre-training, https://cdn.openai.com/research-covers/language-unsupervised/language_understanding_paper.pdf, 2018.
[14]

M. Mahanty, B. Vamsi, and D. Madhavi, A corpus-based auto-encoder-and-decoder machine translation using deep neural network for translation from English to Telugu language, SN Comput. Sci., vol. 4, no. 4, p. 354, 2023.
Crossref Google Scholar
[15]
Y. Wang, W. Wang, S. Joty, and S. C. H. Hoi, CodeT5: Identifier-aware unified pre-trained encoder-decoder models for code understanding and generation, in Proc. 2021 Conf. Empirical Methods in Natural Language Processing, Punta Cana, Dominican Republic, 2021, pp. 8696–8708.
Crossref
[16]

X. Du and D. Wu, Adaptive cell relay routing protocol for mobile ad hoc networks, IEEE Trans. Veh. Technol., vol. 55, no. 1, pp. 278–285, 2006.
Crossref Google Scholar
[17]

X. Du and Y. Xiao, Energy efficient Chessboard Clustering and routing in heterogeneous sensor networks, Int. J. Wirel. Mob. Comput., vol. 1, no. 2, p. 121, 2006.
Crossref Google Scholar
[18]
J. Devlin, M. W. Chang, K. Lee, and K. Toutanova, BERT: Pre-training of Deep Bidirectional Transformers for Language Understanding, in Proc. 2019 Conf. North American Chapter of the Association for Computational Linguistics : Human Language Technologies, Minneapolis, MN, USA, 2019, pp. 4171–4186.
[19]
X. Liu, M. Khalifa, and L. Wang, BOLT: Fast energy-based controlled text generation with tunable biases, in Proc. 61st Annual Meeting of the Association for Computational Linguistics, Toronto, Canada, 2023, pp. 186–200.
Crossref
[20]
D. Lin, J. Koppel, A. Chen, and A. Solar-Lezama, QuixBugs: A multi-lingual program repair benchmark set based on the quixey challenge, in Proc. Proceedings Companion of the 2017 ACM SIGPLAN Int. Conf. Systems, Programming, Languages, and Applications : Software for Humanity, Vancouver, Canada, 2017, pp. 55–56.
Crossref
[21]
R. Just, D. Jalali, and M. D. Ernst, Defects4J: A database of existing faults to enable controlled testing studies for Java programs, in Proc. 2014 Int. Symp. Software Testing and Analysis, San Jose, CA USA, 2014, pp. 437–440.
Crossref
[22]
O. M. Villanueva, L. Trujillo, and D. E. Hernandez, Novelty search for automatic bug repair, in Proc. 2020 Genetic and Evolutionary Computation Conf., Cancún, Mexico, 2020, pp. 1021–1028.
Crossref
[23]

X. Gao, B. Wang, G. J. Duck, R. Ji, Y. Xiong, and A. Roychoudhury, Beyond tests: Program vulnerability repair via crash constraint extraction, ACM Trans. Softw. Eng. Methodol., vol. 30, no. 2, p. 14, 2021.
Crossref Google Scholar
[24]
R. Gupta, S. Pal, A. Kanade, and S. Shevade, DeepFix: fixing common C language errors by deep learning, in Proc. 31st AAAI Conf. Artificial Intelligence (AAAI'17), San Francisco, CA, USA, pp. 1345–1351.
Crossref
[25]
M. White, M. Tufano, M. Martínez, M. Monperrus, and D. Poshyvanyk, Sorting and transforming program repair ingredients via deep learning code similarities, in Proc. IEEE 26th Int. Conf. Software Analysis, Evolution and Reengineering (SANER), Hangzhou, China, 2019, pp. 479–490.
Crossref
[26]

M. Tufano, C. Watson, G. Bavota, M. Di Penta, M. White, and D. Poshyvanyk, An empirical study on learning bug-fixing patches in the wild via neural machine translation, ACM Trans. Softw. Eng. Methodol., vol. 28, no. 4, p. 19, 2019.
Crossref Google Scholar
[27]
T. Lutellier, H. V. Pham, L. Pang, Y. Li, M. Wei, and L. Tan, CoCoNuT: Combining context-aware neural translation models using ensemble for program repair, in Proc. 29th ACM SIGSOFT Int. Symp. on Software Testing and Analysis, virtual, 2020, pp. 101–114.
Crossref
[28]
N. Jiang, T. Lutellier, and L. Tan, CURE: Code-aware neural machine translation for automatic program repair, in Proc. IEEE/ACM 43rd Int. Conf. Software Engineering (ICSE), Madrid, Spain, 2021, pp. 1161–1173.
Crossref
[29]

C. Le Goues, T. Nguyen, S. Forrest, and W. Weimer, GenProg: A generic method for automatic software repair, IEEE Trans. Softw. Eng., vol. 38, no. 1, pp. 54–72, 2012.
Crossref Google Scholar
[30]
Y. Qi, X. Mao, Y. Lei, Z. Dai, and C. Wang, Does genetic programming work well on automated program repair? in Proc. Int. Conf. Computational and Information Sciences, Shiyang, China, 2013, pp. 1875–1878.
Crossref
[31]

J. Xuan, M. Martinez, F. DeMarco, M. Clément, S. L. Marcote, T. Durieux, D. Le Berre, and M. Monperrus, Nopol: automatic repair of conditional statement bugs in Java programs, IEEE Trans. Softw. Eng., vol. 43, no. 1, pp. 34–55, 2017.
Crossref Google Scholar
[32]
Z. Qi, F. Long, S. Achour, and M. Rinard, An analysis of patch plausibility and correctness for generate-and-validate patch generation systems, in Proc. 2015 Int. Symp. on Software Testing and Analysis, Baltimore, MD USA, 2015, pp. 24–36.
Crossref
[33]

S. Chakraborty, Y. Ding, M. Allamanis, and B. Ray, CODIT: code editing with tree-based neural models, IEEE Trans. Softw. Eng., vol. 48, no. 4, pp. 1385–1399, 2022.
Crossref Google Scholar
Intelligent and Converged Networks
Volume 5 Issue 3,
September 2024
Pages 222-236
DOI: 10.23919/ICN.2024.0016
Cite this article:
Feng S, Yuan S, Guan Z, et al. Automated and controlled patch generation for enhanced fixing of communication software vulnerabilities. Intelligent and Converged Networks, 2024, 5(3): 222-236. https://doi.org/10.23919/ICN.2024.0016

39

Views

6

Downloads

0

Crossref

0

Scopus

Altmetrics
Received: 23 December 2023
Revised: 28 February 2024
Accepted: 25 April 2024
Published: 30 September 2024
© All articles included in the journal are copyrighted to the ITU and TUP.

This work is available under the CC BY-NC-ND 3.0 IGO license:https://creativecommons.org/licenses/by-nc-nd/3.0/igo/
Return