{"id":20484798,"url":"https://github.com/sap-samples/security-research-confounding-effects","last_synced_at":"2026-05-13T20:33:13.965Z","repository":{"id":212571328,"uuid":"684948612","full_name":"SAP-samples/security-research-confounding-effects","owner":"SAP-samples","description":"This repository contains the source code for our paper \"Broken Promises: Measuring Confounding Effects in Learning-based Vulnerability Discovery\" that was accepted at AISec '23.","archived":false,"fork":false,"pushed_at":"2025-03-07T19:03:00.000Z","size":83843,"stargazers_count":1,"open_issues_count":0,"forks_count":2,"subscribers_count":4,"default_branch":"main","last_synced_at":"2025-11-09T00:13:44.851Z","etag":null,"topics":["machine-learning","research","sample","sap","security","security-research","vulnerability-discovery"],"latest_commit_sha":null,"homepage":"","language":"Jupyter Notebook","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/SAP-samples.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2023-08-30T07:24:36.000Z","updated_at":"2025-04-04T03:37:36.000Z","dependencies_parsed_at":null,"dependency_job_id":"43caeb59-63b8-4c21-a8d7-316eede429fb","html_url":"https://github.com/SAP-samples/security-research-confounding-effects","commit_stats":null,"previous_names":["sap-samples/security-research-confounding-effects"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/SAP-samples/security-research-confounding-effects","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SAP-samples%2Fsecurity-research-confounding-effects","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SAP-samples%2Fsecurity-research-confounding-effects/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SAP-samples%2Fsecurity-research-confounding-effects/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SAP-samples%2Fsecurity-research-confounding-effects/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/SAP-samples","download_url":"https://codeload.github.com/SAP-samples/security-research-confounding-effects/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SAP-samples%2Fsecurity-research-confounding-effects/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32999329,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-13T13:14:54.681Z","status":"ssl_error","status_checked_at":"2026-05-13T13:14:51.610Z","response_time":115,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["machine-learning","research","sample","sap","security","security-research","vulnerability-discovery"],"created_at":"2024-11-15T16:25:46.026Z","updated_at":"2026-05-13T20:33:13.949Z","avatar_url":"https://github.com/SAP-samples.png","language":"Jupyter Notebook","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Broken Promises: Measuring Confounding Effects in Learning-based Vulnerability Discovery\n\u003c!-- Please include descriptive title --\u003e\n\n[![REUSE status](https://api.reuse.software/badge/github.com/SAP-samples/security-research-confounding-effects)](https://api.reuse.software/info/github.com/SAP-samples/security-research-confounding-effects)\n\nThis repository contains the source code for our paper \"Broken Promises: Measuring Confounding Effects in Learning-based Vulnerability Discovery\" that was accepted at AISec '23.\n\n## Repository Structure\n\nExperiments regarding the Causal Graph Model reside in `CGIN`, while experiments using the StackLSTM are in `StackLSTM`. Experiments using CodeT5+ and LineVul are in `LLM`. The directory `Perturbations` contains scripts to apply obfuscation and styling to obtain the perturbed training data. The experiments using the graph-based model `ReVeal` were performed using [this repository](https://github.com/SAP-samples/security-research-codegraphsmote). We used and modified the original code from both [LineVul](https://github.com/awsm-research/LineVul) and [CodeT5](https://github.com/salesforce/CodeT5) for finetuning all our LLM models.\n\n## Requirements\n\nFor `LLM`:\n- Python\n- PyTorch\n- transformers\n- datasets\n- scikit-learn\n- numpy\n- matplotlib\n- tqdm\n- tree_sitter\n- sacrebleu==1.2.11\n\nFor `CGIN`:\n- Python\n- PyTorch\n- PyTorch Geometric\n- torch_scatter\n- numpy\n- networkx\n- scikit-learn\n- tqdm\n- gensim\n\nFor `StackLSTM`:\n- Python\n- PyTorch\n- tqdm\n- sctokenizer\n- scikit-learn\n- pickle\n- torchray\n- stacknn\n\nFor `Perturbations` / for generating the perturbed dataset:\n- Download the file from [here](https://github.com/jogonba2/CObfuscator/blob/61bf098367e671811ec58382d4e12e3764ba5fee/cobfuscator.py) and move it to the folder `Perturbations`\n- Download the file from [here](https://github.com/whoward3/C-Code-Obfuscator/blob/05d4555f9daea1f12d8690d488aa4a17157448b7/obfuscator/obfuscator.py) and also move it to the folder `Perturbations`\n\n\n## How to obtain support\n[Create an issue](https://github.com/SAP-samples/\u003crepository-name\u003e/issues) in this repository if you find a bug or have questions about the content.\n \nFor additional support, [ask a question in SAP Community](https://answers.sap.com/questions/ask.html).\n\n## Contributing\nIf you wish to contribute code, offer fixes or improvements, please send a pull request. Due to legal reasons, contributors will be asked to accept a DCO when they create the first pull request to this project. This happens in an automated fashion during the submission process. SAP uses [the standard DCO text of the Linux Foundation](https://developercertificate.org/).\n\n## License\nCopyright (c) 2023 SAP SE or an SAP affiliate company. All rights reserved. This project is licensed under the Apache Software License, version 2.0 except as noted otherwise in the [LICENSE](LICENSE) file.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsap-samples%2Fsecurity-research-confounding-effects","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsap-samples%2Fsecurity-research-confounding-effects","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsap-samples%2Fsecurity-research-confounding-effects/lists"}