Vulnerability Name Prediction Based on Enhanced Multi-Source Domain Adaptation

Software products have brought convenience to modern society but also pose significant security risks due to various types of vulnerabilities. Identifying vulnerability names is vital for program repair and software maintenance, but the lack of training data presents a challenge. Big data analytics and machine learning can help overcome this challenge by processing large amounts of data and improving the accuracy of vulnerability name prediction. Considering that the data is often from datasets composed of multiple sources, a feature-based or attention-based multi-source domain adaptation (MSDA) approach is required. In this paper, we propose an MSDA method based on both feature and attention to accomplish the task of predicting vulnerability names, called Multi-Source Domain Adaptation for Vulnerability Name Prediction (MSDA-VNP). First, MSDA-VNP reduces domain divergence by adversarial training and then uses domain-invariant features to obtain feature correlations between individual source and target domains. In combination with the obtained domain correlations, Weighted multi-kernel Maximum Mean Discrepancy (WMK-MMD) is proposed as the attention mechanism. Second, a data augmentation strategy is employed to enhance MSDA-VNP to identify privacy-related vulnerabilities. To evaluate our approach, we conducted experiments on eight Java real-world projects in the Software Assurance Reference Dataset (SARD). The experimental results show that the proposed method MSDA-VNP performed efficiently and stably for the 44 types of vulnerabilities involved. The data augmentation strategy has also been proved to be effective as an enhancement for the proposed method MSDA-VNP.