DeepBalance: Deep-Learning and Fuzzy Oversampling for Vulnerability Detection

Liu, Shigang; Lin, Guanjun; Han, Qing‐Long; Wen, Sheng; Zhang, Jun; Xiang, Yang

doi:10.1109/tfuzz.2019.2958558

Cited by 67 publications

(44 citation statements)

References 48 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Another difficulty in vulnerability prediction is the class imbalance prob-lem, arising from the fact that the number of vulnerable code samples is far less than the number of healthy code samples, which makes it hard to perform good prediction performance without giving too many false alarms. In this sense, the study [29] deals with the class imbalance problem in ML-based vulnerability detection approaches, and proposes a fuzzy oversampling method to balance the training data by generating synthetic samples for the minority class (i.e. vulnerable code samples).…”

Section: Related Workmentioning

confidence: 99%

Vulnerability Prediction From Source Code Using Machine Learning

Bilgin¹,

Ersoy²,

Soykan³

et al. 2020

IEEE Access

View full text Add to dashboard Cite

As the role of information and communication technologies gradually increases in our lives, software security becomes a major issue to provide protection against malicious attempts and to avoid ending up with noncompensable damages to the system. With the advent of data-driven techniques, there is now a growing interest in how to leverage machine learning (ML) as a software assurance method to build trustworthy software systems. In this study, we examine how to predict software vulnerabilities from source code by employing ML prior to their release. To this end, we develop a source code representation method that enables us to perform intelligent analysis on the Abstract Syntax Tree (AST) form of source code and then investigate whether ML can distinguish vulnerable and nonvulnerable code fragments. To make a comprehensive performance evaluation, we use a public dataset that contains a large amount of function-level real source code parts mined from open-source projects and carefully labeled according to the type of vulnerability if they have any. We show the effectiveness of our proposed method for vulnerability prediction from source code by carrying out exhaustive and realistic experiments under different regimes in comparison with state-of-art methods.

show abstract

Section: Related Workmentioning

confidence: 99%

Vulnerability Prediction From Source Code Using Machine Learning

Bilgin¹,

Ersoy²,

Soykan³

et al. 2020

IEEE Access

View full text Add to dashboard Cite

show abstract

“…Therefore, the proposed technique means is applicable. Moreover, with regard to malware and vulnerability detection, the proposed attack method is applicable, because the method bypasses detection in the way of detecting malicious code or vulnerabilities presented by [15,16]. Specifically, this approach uses system-provided functions that are free from having vulnerabilities, so that an attack tool is not vulnerable or detected as malware.…”

Section: Usefulness Applicability and Performance Of The Proposed Tmentioning

confidence: 99%

Cybersecurity Threats Based on Machine Learning-Based Offensive Technique for Password Authentication

Lee

Yim

2020

Applied Sciences

View full text Add to dashboard Cite

Due to the emergence of online society, a representative user authentication method that is password authentication has been a key topic. However, in this authentication method, various attack techniques have emerged to steal passwords input from the keyboard, hence, the keyboard data does not ensure security. To detect and prevent such an attack, a keyboard data protection technique using random keyboard data generation has been presented. This technique protects keyboard data by generating dummy keyboard data while the attacker obtains the keyboard data. In this study, we demonstrate the feasibility of keyboard data exposure under the keyboard data protection technique. To prove the proposed attack technique, we gathered all the dummy keyboard data generated by the defense tool, and the real keyboard data input by the user, and evaluated the cybersecurity threat of keyboard data based on the machine learning-based offensive technique. We verified that an adversary obtains the keyboard data with 96.2% accuracy even if the attack technique that makes it impossible to attack keyboard data exposure is used. Namely, the proposed method in this study obviously differentiates the keyboard data input by the user from dummy keyboard data. Therefore, the contributions of this paper are that we derived and verified a new security threat and a new vulnerability of password authentication. Furthermore, a new cybersecurity threat derived from this study will have advantages over the security assessment of password authentication and all types of authentication technology and application services input from the keyboard.

show abstract

“…However, this paper's detection granularity is not fine-grained enough to allow code inspectors to pinpoint the vulnerabilities related to specific code lines because it only works at the file level. The DBN used for learning semantic representations has motivated follow-up researchers to apply various types of neural networks for learning abstract feature representations for defect and vulnerability detection, such as [29], [35]- [37], [42], [47], [59]. Hence, expert-defined features are not the necessity when deep learning is involved.…”

Section: A Identifying Game Changersmentioning

confidence: 99%

Software Vulnerability Analysis and Discovery Using Deep Learning Techniques: A Survey

et al. 2020

Self Cite

View full text Add to dashboard Cite

Exploitable vulnerabilities in software have attracted tremendous attention in recent years because of their potentially high severity impact on computer security and information safety. Many vulnerability detection methods have been proposed to aid code inspection. Among these methods, there is a line of studies that apply machine learning techniques and achieve promising results. This paper reviews 22 recent studies that adopt deep learning to detect vulnerabilities, aiming to show how they utilize state-ofthe-art neural techniques to capture possible vulnerable code patterns. Among reviewed studies, we identify four game changers that significantly impact the domain of deep learning-based vulnerability detection and provide detailed reviews of the insights, ideas, and concepts that the game changers have brought to this field of interest. Based on the four identified game changers, we review the remaining studies, presenting their approaches and solutions which either build on or extend the game changers, and sharing our views on the future research trends. We also highlight the challenges faced in this field and discuss potential research directions. We hope to motivate the readers to conduct further research in this developing but fast-growing field.INDEX TERMS deep learning, vulnerability detection.

show abstract

DeepBalance: Deep-Learning and Fuzzy Oversampling for Vulnerability Detection

Cited by 67 publications

References 48 publications

Vulnerability Prediction From Source Code Using Machine Learning

Vulnerability Prediction From Source Code Using Machine Learning

Cybersecurity Threats Based on Machine Learning-Based Offensive Technique for Password Authentication

Software Vulnerability Analysis and Discovery Using Deep Learning Techniques: A Survey

Contact Info

Product

Resources

About