{"id":"https://openalex.org/W4225673889","doi":"https://doi.org/10.1109/saner53432.2022.00114","title":"VELVET: a noVel Ensemble Learning approach to automatically locate VulnErable sTatements","display_name":"VELVET: a noVel Ensemble Learning approach to automatically locate VulnErable sTatements","publication_year":2022,"publication_date":"2022-03-01","ids":{"openalex":"https://openalex.org/W4225673889","doi":"https://doi.org/10.1109/saner53432.2022.00114"},"language":"en","primary_location":{"id":"doi:10.1109/saner53432.2022.00114","is_oa":false,"landing_page_url":"https://doi.org/10.1109/saner53432.2022.00114","pdf_url":null,"source":{"id":"https://openalex.org/S4363608226","display_name":"2022 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"conference"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2022 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5064527453","display_name":"Yangruibo Ding","orcid":"https://orcid.org/0000-0003-3224-6876"},"institutions":[{"id":"https://openalex.org/I78577930","display_name":"Columbia University","ror":"https://ror.org/00hj8s172","country_code":"US","type":"education","lineage":["https://openalex.org/I78577930"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Yangruibo Ding","raw_affiliation_strings":["Columbia University"],"affiliations":[{"raw_affiliation_string":"Columbia University","institution_ids":["https://openalex.org/I78577930"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5034331643","display_name":"Sahil Suneja","orcid":"https://orcid.org/0009-0005-5094-5779"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Sahil Suneja","raw_affiliation_strings":["IBM Research"],"affiliations":[{"raw_affiliation_string":"IBM Research","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5039824895","display_name":"Yunhui Zheng","orcid":"https://orcid.org/0000-0002-6794-3199"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Yunhui Zheng","raw_affiliation_strings":["IBM Research"],"affiliations":[{"raw_affiliation_string":"IBM Research","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5090845035","display_name":"Jim Laredo","orcid":"https://orcid.org/0000-0002-4915-0304"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Jim Laredo","raw_affiliation_strings":["IBM Research"],"affiliations":[{"raw_affiliation_string":"IBM Research","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5076968229","display_name":"Alessandro Morari","orcid":"https://orcid.org/0009-0005-5006-8817"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Alessandro Morari","raw_affiliation_strings":["IBM Research"],"affiliations":[{"raw_affiliation_string":"IBM Research","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5090171418","display_name":"Gail E. Kaiser","orcid":"https://orcid.org/0000-0002-8791-1178"},"institutions":[{"id":"https://openalex.org/I78577930","display_name":"Columbia University","ror":"https://ror.org/00hj8s172","country_code":"US","type":"education","lineage":["https://openalex.org/I78577930"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Gail Kaiser","raw_affiliation_strings":["Columbia University"],"affiliations":[{"raw_affiliation_string":"Columbia University","institution_ids":["https://openalex.org/I78577930"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5064541855","display_name":"Baishakhi Ray","orcid":"https://orcid.org/0000-0003-3406-5235"},"institutions":[{"id":"https://openalex.org/I78577930","display_name":"Columbia University","ror":"https://ror.org/00hj8s172","country_code":"US","type":"education","lineage":["https://openalex.org/I78577930"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Baishakhi Ray","raw_affiliation_strings":["Columbia University"],"affiliations":[{"raw_affiliation_string":"Columbia University","institution_ids":["https://openalex.org/I78577930"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":7,"corresponding_author_ids":["https://openalex.org/A5064527453"],"corresponding_institution_ids":["https://openalex.org/I78577930"],"apc_list":null,"apc_paid":null,"fwci":6.5788,"has_fulltext":false,"cited_by_count":47,"citation_normalized_percentile":{"value":0.97583298,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":97,"max":100},"biblio":{"volume":null,"issue":null,"first_page":"959","last_page":"970"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.998199999332428,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.9961000084877014,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.80101078748703},{"id":"https://openalex.org/keywords/debugging","display_name":"Debugging","score":0.6303550004959106},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.5312851071357727},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.5139893889427185},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.49158939719200134},{"id":"https://openalex.org/keywords/context","display_name":"Context (archaeology)","score":0.4567514657974243},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.43573105335235596},{"id":"https://openalex.org/keywords/software-bug","display_name":"Software bug","score":0.4190797209739685},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.3382369875907898},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.23108968138694763}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.80101078748703},{"id":"https://openalex.org/C168065819","wikidata":"https://www.wikidata.org/wiki/Q845566","display_name":"Debugging","level":2,"score":0.6303550004959106},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.5312851071357727},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.5139893889427185},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.49158939719200134},{"id":"https://openalex.org/C2779343474","wikidata":"https://www.wikidata.org/wiki/Q3109175","display_name":"Context (archaeology)","level":2,"score":0.4567514657974243},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.43573105335235596},{"id":"https://openalex.org/C1009929","wikidata":"https://www.wikidata.org/wiki/Q179550","display_name":"Software bug","level":3,"score":0.4190797209739685},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.3382369875907898},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.23108968138694763},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.0},{"id":"https://openalex.org/C151730666","wikidata":"https://www.wikidata.org/wiki/Q7205","display_name":"Paleontology","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/saner53432.2022.00114","is_oa":false,"landing_page_url":"https://doi.org/10.1109/saner53432.2022.00114","pdf_url":null,"source":{"id":"https://openalex.org/S4363608226","display_name":"2022 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"conference"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2022 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G1460685883","display_name":null,"funder_award_id":"CCF-2107405,CCF-1845893,CCF-1815494,IIS-2040961","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"}],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"},{"id":"https://openalex.org/F4320307762","display_name":"International Business Machines Corporation","ror":"https://ror.org/05hh8d621"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":55,"referenced_works":["https://openalex.org/W569478347","https://openalex.org/W777621473","https://openalex.org/W1963679610","https://openalex.org/W1990785546","https://openalex.org/W1992114977","https://openalex.org/W2001005268","https://openalex.org/W2010833880","https://openalex.org/W2059218484","https://openalex.org/W2101819268","https://openalex.org/W2119887272","https://openalex.org/W2128049346","https://openalex.org/W2130758759","https://openalex.org/W2153418968","https://openalex.org/W2170612356","https://openalex.org/W2244807774","https://openalex.org/W2603093875","https://openalex.org/W2603160474","https://openalex.org/W2781491433","https://openalex.org/W2888756142","https://openalex.org/W2899469232","https://openalex.org/W2921022558","https://openalex.org/W2958754741","https://openalex.org/W2962960733","https://openalex.org/W2963764936","https://openalex.org/W2963896559","https://openalex.org/W2965373594","https://openalex.org/W2967556797","https://openalex.org/W2992048510","https://openalex.org/W3034689979","https://openalex.org/W3035171481","https://openalex.org/W3035882142","https://openalex.org/W3042956498","https://openalex.org/W3043761819","https://openalex.org/W3089183726","https://openalex.org/W3098605233","https://openalex.org/W3101228802","https://openalex.org/W3107418514","https://openalex.org/W3127736190","https://openalex.org/W3161071537","https://openalex.org/W3161938055","https://openalex.org/W3163206498","https://openalex.org/W3166095789","https://openalex.org/W3170092793","https://openalex.org/W3177116043","https://openalex.org/W3194346579","https://openalex.org/W4212774754","https://openalex.org/W4233410239","https://openalex.org/W4288077069","https://openalex.org/W6739901393","https://openalex.org/W6745034332","https://openalex.org/W6755848887","https://openalex.org/W6756103864","https://openalex.org/W6767260250","https://openalex.org/W6771644057","https://openalex.org/W6772022830"],"related_works":["https://openalex.org/W2740264376","https://openalex.org/W4206999239","https://openalex.org/W2161928627","https://openalex.org/W4388482952","https://openalex.org/W2786113878","https://openalex.org/W2727867943","https://openalex.org/W3015562293","https://openalex.org/W4400860681","https://openalex.org/W1978161581","https://openalex.org/W2787155073"],"abstract_inverted_index":{"Automatically":[0],"locating":[1],"vulnerable":[2,28,70,97,115,143,167,207],"statements":[3],"in":[4,23,63,172],"source":[5],"code":[6,29,71,93,140],"is":[7,202,209],"crucial":[8],"to":[9,55,87,94,101,113,125,221],"assure":[10],"software":[11,25,38],"security":[12],"and":[13,33,36,51,121,130,137,142,155,223,231,238],"alleviate":[14],"developers'":[15],"debugging":[16],"efforts.":[17],"This":[18,104],"becomes":[19],"even":[20],"more":[21],"important":[22],"today's":[24],"ecosystem,":[26],"where":[27,166,194],"can":[30],"flow":[31],"easily":[32],"unwittingly":[34],"within":[35],"across":[37],"repositories":[39],"like":[40],"GitHub.":[41],"Across":[42],"such":[43,64],"millions":[44],"of":[45,47,92,133,199,226],"lines":[46],"code,":[48],"traditional":[49],"static":[50,163,182],"dynamic":[52],"approaches":[53,60],"struggle":[54],"scale.":[56],"Although":[57],"existing":[58],"machine-learning-based":[59],"look":[61],"promising":[62],"a":[65,73,89,108,134,156,200],"setting,":[66,165],"most":[67],"work":[68],"detects":[69],"at":[72,77],"higher":[74],"granularity":[75],"–":[76],"the":[78,96,128,162,180,185,189,197,205,243],"method":[79],"or":[80],"file":[81],"level.":[82],"Thus,":[83],"developers":[84],"still":[85],"need":[86,100],"inspect":[88],"significant":[90],"amount":[91],"locate":[95,114],"statement(s)":[98],"that":[99,218],"be":[102],"fixed.":[103],"paper":[105],"presents":[106],"Velvet,":[107],"novel":[109],"ensemble":[110],"learning":[111,246],"approach":[112],"statements.":[116],"Our":[117],"model":[118],"combines":[119],"graph-based":[120],"sequence-based":[122],"neural":[123,216],"networks":[124,217],"successfully":[126],"capture":[127],"local":[129,222],"global":[131,224],"context":[132,225],"program":[135],"graph":[136],"effectively":[138],"understand":[139],"semantics":[141],"patterns.":[144],"To":[145],"study":[146],"Velvet's":[147],"effectiveness,":[148],"we":[149,195,211],"use":[150],"an":[151],"off-the-shelf":[152],"synthetic":[153,236],"dataset":[154],"recently":[157],"published":[158],"real-world":[159,186,239],"dataset.":[160],"In":[161],"analysis":[164],"functions":[168],"are":[169],"not":[170],"detected":[171],"advance,":[173],"Velvet":[174,213,228],"achieves":[175,229],"4.5×":[176],"better":[177],"performance":[178],"than":[179],"baseline":[181,244],"analyzers":[183],"on":[184],"data.":[187],"For":[188],"isolated":[190],"vulnerability":[191,198],"localization":[192],"task,":[193],"assume":[196],"function":[201],"known":[203],"while":[204],"specific":[206],"statement":[208],"unknown,":[210],"compare":[212],"with":[214],"several":[215],"also":[219],"attend":[220],"code.":[227],"99.6%":[230],"43.6%":[232],"top-1":[233],"accuracy":[234],"over":[235],"data":[237],"data,":[240],"respectively,":[241],"outperforming":[242],"deep":[245],"models":[247],"by":[248],"5.3-29.0%.":[249]},"counts_by_year":[{"year":2026,"cited_by_count":2},{"year":2025,"cited_by_count":19},{"year":2024,"cited_by_count":11},{"year":2023,"cited_by_count":10},{"year":2022,"cited_by_count":5}],"updated_date":"2026-03-20T23:20:44.827607","created_date":"2025-10-10T00:00:00"}