Detecting vulnerability in source code using CNN and LSTM network

Guo, Junjun; Wang, Zhengyuan; Li, Haonan; Xue, Yang

doi:10.1007/s00500-021-05994-w

Cited by 10 publications

(5 citation statements)

References 23 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Zagane et al [23] constructed a data set containing 16 code metrics from publicly available data sets and, unlike previous approaches using long-and shortterm memory networks and K-neighborhood algorithms, the proposed vulnerability detection model uses Multi-Layer Perceptron (MLP) for representation learning and achieves 76.9% accuracy in the real-world code metric data set. In addition, based on the existing code metric-based vulnerability detection, Guo et al [24] constructed a data set containing 21 code metrics, including two new complexity metrics, and proposed a compound deep learning-based vulnerability model VulExplore for this data set. e model obtained a precision of over 81% and reduced both the FNR and FPR to under 20%.…”

Section: Pattern-basedmentioning

confidence: 99%

SFN: A Novel Scalable Feature Network for Vulnerability Representation of Open-Source Codes

Guo

Wang

Zhang

et al. 2022

Computational Intelligence and Neuroscience

Self Cite

View full text Add to dashboard Cite

Vulnerability detection technology has become a hotspot in the field of software security, and most of the current methods do not have a complete consideration during code characterizing, which leads to problems such as information loss. Therefore, this paper proposes one class of Scalable Feature Network (SFN), a composite feature extraction method based on Continuous Bag of Words and Convolutional Neural Network. In addition, to characterize the source code more comprehensively, we construct multiscale code metrics in terms of semantic-, line-, and function granularity. In order to verify the effectiveness of the SFN, this paper builds a Scalable Vulnerability Detection Model (SVDM) by combining SFN with Bi-LSTM. The experimental results show that the proposed SVDM can obtain precision over 84.3% and recall at 83.4%, respectively, while both FNR and FPR are less than 17%.

show abstract

Section: Pattern-basedmentioning

confidence: 99%

SFN: A Novel Scalable Feature Network for Vulnerability Representation of Open-Source Codes

Guo

Wang

Zhang

et al. 2022

Computational Intelligence and Neuroscience

Self Cite

View full text Add to dashboard Cite

show abstract

“…Research has evolved from early applications of multi-layer perceptron (MLP) to more recent studies using CNNs or LSTMs, 42,43 and until recently using GNNs-based approaches. 44 The evolving network structure suggests that researchers have invested a significant amount of research effort to explore the potential of neural networks for semantic reasoning about code, as well as for facilitating rich patterns of vulnerability discovery.…”

Section: Deep Learning Modelsmentioning

confidence: 99%

“…Network models for vulnerability detection are becoming more sophisticated and expressive in order to better learn the code semantics of vulnerable code fragments, and to reduce the amount of effort required for code analysis efforts. Research has evolved from early applications of multi‐layer perceptron (MLP) to more recent studies using CNNs or LSTMs, 42,43 and until recently using GNNs‐based approaches 44 . The evolving network structure suggests that researchers have invested a significant amount of research effort to explore the potential of neural networks for semantic reasoning about code, as well as for facilitating rich patterns of vulnerability discovery.…”

Section: Related Workmentioning

confidence: 99%

VulGraB: Graph‐embedding‐based code vulnerability detection with bi‐directional gated graph neural network

Wang

Chen

2023

Softw Pract Exp

View full text Add to dashboard Cite

Code vulnerabilities can have serious consequences such as system attacks and data leakage, making it crucial to perform code vulnerability detection during the software development phase. Deep learning is an emerging approach for vulnerability detection tasks. Existing deep learning‐based code vulnerability detection methods are usually based on word2vec embedding of linear sequences of source code, followed by code vulnerability detection through RNNs network. However, such methods can only capture the superficial structural or syntactic information of the source code text, which is not suitable for modeling the complex control flow and data flow and miss edge information in the graph structure constructed by the source code, with limited effect of neural network model. To solve the above problems, this article proposes a code vulnerability detection method, named VulGraB, which is based on graph embedding and bidirectional gated graph neural networks. VulGraB uses node2vec to convert the program‐dependent graphs into graph embeddings of the code, which contain rich structure information of the source code, improving the ability of features to express nonlinear information to a certain extent. Then the BiGGNN is used for training, and finally the accuracy of the detection results is evaluated using target program. The bi‐directional gated neural network utilizes a bi‐directional recurrent structure, which is beneficial to global information aggregation. The experimental results show that the accuracy of VulGraB is significantly improved over the baseline models on two datasets, with F1 scores of 85.89% and 97.24% being the highest, demonstrating that VulGraB consistently outperforms other effective vulnerability detection models.

show abstract

“…But these algorithms have failed to provide high levels of accuracy. After the deep learning evolution, some researchers have applied convolutional neural network (CNN), recurrent network (RNN), and long short term memory (LSTM) options to detect different kinds of vulnerabilities [16] [17]. These deep learning models can provide an advanced performance than common machine learning algorithms and the accuracy of experimental results are also better than previous traditional machine learning algorithms.…”

Section: Related Workmentioning

confidence: 99%

Low Level Source Code Vulnerability Detection Using Advanced BERT Language Model

Alqarni¹,

Azim²

2022

Proceedings of the Canadian Conference on Artificial Intelligence

View full text Add to dashboard Cite

In software security and reliability, automated vulnerability detection is an essential and compulsory task. Software needs to be tested and checked before it goes to the client for production. As technology changes rapidly, source code is also becoming massive. Thus the adequate accuracy of automated vulnerability detection has become very important to produce secure software and remove security concerns. According to previous research, a deep and recurrent neural network model can not satisfactorily test accuracy to detect all vulnerabilities. In this paper, we introduce experimental research on Bidirectional Encoder Representations Transformers (BERT), a state-of-the-art natural language processing model aimed to improve test accuracy, contributing to updates to the development of deep layers of the BERT model. As well, we balance and fine-tune the dataset of the model with improved parameters. This combination of changes achieves new levels of accuracy for the BERT model, with 99.30% test accuracy in detecting source code vulnerabilities. We have made our balanced dataset and advanced model publicly available for any research purposes.

show abstract

Detecting vulnerability in source code using CNN and LSTM network

Cited by 10 publications

References 23 publications

SFN: A Novel Scalable Feature Network for Vulnerability Representation of Open-Source Codes

SFN: A Novel Scalable Feature Network for Vulnerability Representation of Open-Source Codes

VulGraB: Graph‐embedding‐based code vulnerability detection with bi‐directional gated graph neural network

Low Level Source Code Vulnerability Detection Using Advanced BERT Language Model

Contact Info

Product

Resources

About