Saved in:
Bibliographic Details
Main Authors: Lu, Chaomeng, Li, Tianyu, Dehaene, Toon, Lagaisse, Bert
Format: Preprint
Published: 2025
Subjects:
Online Access:https://arxiv.org/abs/2505.08503
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866912373537767424
author Lu, Chaomeng
Li, Tianyu
Dehaene, Toon
Lagaisse, Bert
author_facet Lu, Chaomeng
Li, Tianyu
Dehaene, Toon
Lagaisse, Bert
contents Machine learning-based software vulnerability detection requires high-quality datasets, which is essential for training effective models. To address challenges related to data label quality, diversity, and comprehensiveness, we constructed ICVul, a dataset emphasizing data quality and enriched with comprehensive metadata, including Vulnerability-Contributing Commits (VCCs). We began by filtering Common Vulnerabilities and Exposures from the NVD, retaining only those linked to GitHub fix commits. Then we extracted functions and files along with relevant metadata from these commits and used the SZZ algorithm to trace VCCs. To further enhance label reliability, we developed the ESC (Eliminate Suspicious Commit) technique, ensuring credible data labels. The dataset is stored in a relational-like database for improved usability and data integrity. Both ICVul and its construction framework are publicly accessible on GitHub, supporting research in related field.
format Preprint
id arxiv_https___arxiv_org_abs_2505_08503
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle ICVul: A Well-labeled C/C++ Vulnerability Dataset with Comprehensive Metadata and VCCs
Lu, Chaomeng
Li, Tianyu
Dehaene, Toon
Lagaisse, Bert
Software Engineering
Machine learning-based software vulnerability detection requires high-quality datasets, which is essential for training effective models. To address challenges related to data label quality, diversity, and comprehensiveness, we constructed ICVul, a dataset emphasizing data quality and enriched with comprehensive metadata, including Vulnerability-Contributing Commits (VCCs). We began by filtering Common Vulnerabilities and Exposures from the NVD, retaining only those linked to GitHub fix commits. Then we extracted functions and files along with relevant metadata from these commits and used the SZZ algorithm to trace VCCs. To further enhance label reliability, we developed the ESC (Eliminate Suspicious Commit) technique, ensuring credible data labels. The dataset is stored in a relational-like database for improved usability and data integrity. Both ICVul and its construction framework are publicly accessible on GitHub, supporting research in related field.
title ICVul: A Well-labeled C/C++ Vulnerability Dataset with Comprehensive Metadata and VCCs
topic Software Engineering
url https://arxiv.org/abs/2505.08503