Toward Large-Scale Vulnerability Discovery using Machine Learning

Grieco, Gustavo; Grinblat, Guillermo L.; Uzal, Lucas C.; Rawat, Sanjay; Feist, Josselin; Mounier, Laurent

doi:10.1145/2857705.2857720

Cited by 180 publications

(76 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In the third category, patterns are generated semi-automatically from type-agnostic vulnerabilities (i.e., no need to pre-classify them into different types). These methods use machine learning techniques, which rely on human experts for defining features to characterize vulnerabilities [19], [37], [38], [49], [59], [60]. Moreover, these methods cannot pin down the precise locations of vulnerabilities because programs are represented in coarse-grained granularity (e.g., program [19], package [37], component [38], [46], file [35], [49], and function [59], [60]).…”

Section: A Prior Work In Vulnerability Detectionmentioning

confidence: 99%

“…An alternate approach is to automatically detect vulnerabilities in software programs, or simply programs for short. There have been many static vulnerability detection systems and studies for this purpose, ranging from open source tools [6], [11], [52], to commercial tools [2], [3], [7], to academic research projects [19], [28], [32], [37], [38], [49], [59], [60]. However, existing solutions for detecting vulnerabilities have two major drawbacks: imposing intense manual labor and incurring high false negative rates, which are elaborated below.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

VulDeePecker: A Deep Learning-Based System for Vulnerability Detection

Li¹,

Zou²,

Xu³

et al. 2018

Proceedings 2018 Network and Distributed System Security Symposium

583

498

View full text Add to dashboard Cite

Abstract-The automatic detection of software vulnerabilities is an important research problem. However, existing solutions to this problem rely on human experts to define features and often miss many vulnerabilities (i.e., incurring high false negative rate). In this paper, we initiate the study of using deep learning-based vulnerability detection to relieve human experts from the tedious and subjective task of manually defining features. Since deep learning is motivated to deal with problems that are very different from the problem of vulnerability detection, we need some guiding principles for applying deep learning to vulnerability detection. In particular, we need to find representations of software programs that are suitable for deep learning. For this purpose, we propose using code gadgets to represent programs and then transform them into vectors, where a code gadget is a number of (not necessarily consecutive) lines of code that are semantically related to each other. This leads to the design and implementation of a deep learning-based vulnerability detection system, called Vulnerability Deep Pecker (VulDeePecker). In order to evaluate VulDeePecker, we present the first vulnerability dataset for deep learning approaches. Experimental results show that VulDeePecker can achieve much fewer false negatives (with reasonable false positives) than other approaches. We further apply VulDeePecker to 3 software products (namely Xen, Seamonkey, and Libav) and detect 4 vulnerabilities, which are not reported in the National Vulnerability Database but were "silently" patched by the vendors when releasing later versions of these products; in contrast, these vulnerabilities are almost entirely missed by the other vulnerability detection systems we experimented with.

show abstract

Section: A Prior Work In Vulnerability Detectionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

VulDeePecker: A Deep Learning-Based System for Vulnerability Detection

Li¹,

Zou²,

Xu³

et al. 2018

Proceedings 2018 Network and Distributed System Security Symposium

583

498

View full text Add to dashboard Cite

show abstract

“…-Para2Vec: The paragraph-to-vector distributional similarity model proposed in [8] which allows us to embed paragraphs into a vector space which are further classified using a neural network. -VDiscover: An approach proposed in [4] that utilizes lightweight static features to "approximate" a code structure to seek similarities between program slices. -VulDeePecker: An approach proposed in [15] for source code vulnerability detection.…”

Section: Baselinesmentioning

confidence: 99%

“…The ability to detect the presence or absence of vulnerabilities in binary code, without getting access to source code, is therefore of major importance in the context of computer security. Some work has been proposed to detect vulnerabilities at the binary code level when source code is not available, notably work based on fuzzing, symbolic execution [1], or techniques using handcrafted features extracted from dynamic analysis [4]. Recently, the work of [10] has pioneered learning automatic features for binary software vulnerability detection.…”

Section: Introductionmentioning

confidence: 99%

Deep Cost-Sensitive Kernel Machine for Binary Software Vulnerability Detection

Nguyen

Nguyen³

et al. 2020

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Owing to the sharp rise in the severity of the threats imposed by software vulnerabilities, software vulnerability detection has become an important concern in the software industry, such as the embedded systems industry, and in the field of computer security. Software vulnerability detection can be carried out at the source code or binary level. However, the latter is more impactful and practical since when using commercial software, we usually only possess binary software. In this paper, we leverage deep learning and kernel methods to propose the Deep Cost-sensitive Kernel Machine, a method that inherits the advantages of deep learning methods in efficiently tackling structural data and kernel methods in learning the characteristic of vulnerable binary examples with high generalization capacity. We conduct experiments on two real-world binary datasets. The experimental results have shown a convincing outperformance of our proposed method over the baselines.

show abstract

“…The need for datasets and their generation are recurrent topics related to several research fields. Thus, there are published works in research areas as varied as radio signal processing [29], vehicular technology [30,31], vehicle-to-vehicle and vehicle-to-infrastructure wireless communication [32], computer vision [33] and pattern recognition [34], cyber threat intelligence [35], host intrusion detection [36], network intrusion detection system [37,38], smart grids [39], and software vulnerabilities [40][41][42][43][44][45], among many others.…”

Section: Introductionmentioning

confidence: 99%

Collecting Vulnerable Source Code from Open-Source Repositories for Dataset Generation

et al. 2020

View full text Add to dashboard Cite

Different Machine Learning techniques to detect software vulnerabilities have emerged in scientific and industrial scenarios. Different actors in these scenarios aim to develop algorithms for predicting security threats without requiring human intervention. However, these algorithms require data-driven engines based on the processing of huge amounts of data, known as datasets. This paper introduces the SonarCloud Vulnerable Code Prospector for C (SVCP4C). This tool aims to collect vulnerable source code from open source repositories linked to SonarCloud, an online tool that performs static analysis and tags the potentially vulnerable code. The tool provides a set of tagged files suitable for extracting features and creating training datasets for Machine Learning algorithms. This study presents a descriptive analysis of these files and overviews current status of C vulnerabilities, specifically buffer overflow, in the reviewed public repositories.

show abstract

Toward Large-Scale Vulnerability Discovery using Machine Learning

Cited by 180 publications

References 20 publications

VulDeePecker: A Deep Learning-Based System for Vulnerability Detection

VulDeePecker: A Deep Learning-Based System for Vulnerability Detection

Deep Cost-Sensitive Kernel Machine for Binary Software Vulnerability Detection

Collecting Vulnerable Source Code from Open-Source Repositories for Dataset Generation

Contact Info

Product

Resources

About