The existing vulnerability management library collects a large number of software vulnerabilities, but the vulnerability information is relatively scattered, making it difficult for users to quickly locate and search for specific vulnerabilities and their solutions. To alleviate this problem, we extract knowledge from vulnerability reports and organize the vulnerability information into a knowledge graph. We then implement KVS, a tool for knowledge-driven vulnerability searching. The tool mainly uses the BERT model to perform vulnerability named entity recognition and to construct the vulnerability knowledge graph (VulKG). Finally, users can search for vulnerabilities of interest based on VulKG. The tool is available at https://cinnqi.github.io/Neo4j-D3-VKG/. A video of our demo is available at https://youtu.be/FT1BaLUGPk0.
Wed 16 Nov
Displayed time zone: Beijing, Chongqing, Hong Kong, Urumqi
14:00 - 15:30 | Security (Demonstrations / Research Papers) at SRC LT 50 | Chair(s): Andreea Costea (School of Computing, National University Of Singapore)
14:00 | 15m | Talk | Automated Unearthing of Dangerous Issue Reports | Research Papers | Shengyi Pan (Zhejiang University), Jiayuan Zhou (Huawei), Filipe Cogo (Huawei), Xin Xia (Huawei), Lingfeng Bao (Zhejiang University), Xing Hu (Zhejiang University), Shanping Li (Zhejiang University), Ahmed E. Hassan (Queen’s University)
14:15 | 15m | Talk | On the Vulnerability Proneness of Multilingual Code | Research Papers | Wen Li (Washington State University), Li Li (Monash University), Haipeng Cai (Washington State University)
14:30 | 7m | Talk | VulCurator: A Vulnerability-Fixing Commit Detector | Demonstrations | Truong Giang Nguyen (Singapore Management University), Le-Cong Thanh (Singapore Management University), Hong Jin Kang (Singapore Management University), Xuan-Bach D. Le (University of Melbourne), David Lo (Singapore Management University)
14:38 | 7m | Talk | KVS: A Tool for Knowledge-Driven Vulnerability Searching | Demonstrations | Xingqi Cheng (Yangzhou University), Xiaobing Sun (Yangzhou University), Lili Bo (Yangzhou University), Ying Wei (Yangzhou University)
14:45 | 7m | Talk | MANDO-GURU: Vulnerability Detection for Smart Contract Source Code By Heterogeneous Graph Embeddings | Demonstrations | Hoang H. Nguyen (L3S Research Center, Leibniz Universität Hannover, Hannover, Germany), Nhat-Minh Nguyen (Singapore Management University, Singapore), Hong-Phuc Doan (Hanoi University of Science and Technology, Hanoi, Vietnam), Zahra Ahmadi (L3S Research Center, Leibniz Universität Hannover, Hannover, Germany), Thanh-Nam Doan (Independent Researcher, Atlanta, Georgia, USA), Lingxiao Jiang (Singapore Management University)
14:53 | 7m | Talk | FastKLEE: Faster Symbolic Execution via Reducing Redundant Bound Checking of Type-Safe Pointers | Demonstrations | Haoxin Tu (Singapore Management University, Singapore), Lingxiao Jiang (Singapore Management University), Xuhua Ding (Singapore Management University), He Jiang (Dalian University of Technology)