Vulnerability Detection for Source Code Using Contextual LSTM

Xu, Aidong; Dai, Tao; Chen, Huajun; Zhe, Ming; Li, Weining

doi:10.1109/icsai.2018.8599360

Cited by 21 publications

(17 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Some of the reviewed works use a single form of graphical representation for their feature extraction [14–19, 71, 73, 75, 80, 87 ] (b) Code block‐based feature representation: For code block‐based feature representation, studies under this category utilise DNNs for extracting feature representations from sequential code entities such as function calls, code snippets, code gadgets, and so on. Some of the reviewed papers rely on the use of code block‐based representations of source code [67, 70, 72, 74, 76, 77, 82, 83, 85 ] (c) Text‐based feature representation: For this category of feature, representations are learned directly from the source code text surface. Examples include Lexed code representation and using the source code files directly.…”

Section: Taxonomy Of Deep Learning Techniques For Source Code Vulnementioning

confidence: 99%

“…However, in [86 ], the lexed source code representation is used in conjunction with CFGs as a form of build based feature extraction. (e) Others: Among the reviewed works, several other forms of source code representation are utilised as portable output features. Such feature source representations include utilising the source code files themselves [78 ], representing the source code as code tokens [67, 74, 76 ], dividing source code files into code slices [72, 84 ] and using function calls [70 ]. Besides, other forms of representation include the use of vectors such as binary feature vectors [60 ] and bags of characters [79 ].…”

Section: Taxonomy Of Deep Learning Techniques For Source Code Vulnementioning

confidence: 99%

“…Recognising whether a source code file is vulnerable or not is highly significant as it helps testers focus their tests on catering to these files, which have a high possibility of being vulnerable. Also, this objective has been studied in the literature, and several reviewed papers target identifying whether a set of source code files are vulnerable or not [14, 16, 18, 19, 60, 67–76 ]. Considering a large number of vulnerable source code that is available, the significance of recognising which files are vulnerable can help reduce the workload on testers.…”

Section: Taxonomy Of Deep Learning Techniques For Source Code Vulnementioning

confidence: 99%

“…Among the reviewed works several of them use some form of RNNs. classical RNNs [86 ], long short‐term memory (LSTM) [16, 67, 69, 70, 73, 76, 83 ], contextual long short‐term memory (CLSTM) [72 ], bidirectional recurrent neural networks (BRNNs) [17, 74 ], bidirectional gated recurrent unit (BGRU) [83 ], and bidirectional long short‐term memory (BLSTM) [14, 15, 19, 77, 79, 82–85 ].…”

Section: Taxonomy Of Deep Learning Techniques For Source Code Vulnementioning

confidence: 99%

“…This issue has been highlighted by several reviewed papers as a limitation that can be explored in the future. On several of the surveyed works the programming language of the data set focus ranges from C/C++ [14, 15, 17, 19, 69–72, 77–87 ] and JavaScript [18, 60, 79 ]. Having a data set that consists of multiple programming languages would require further exploration.…”

Section: Issues and Challengesmentioning

confidence: 99%

See 4 more Smart Citations

Literature survey of deep learning-based vulnerability analysis on source code

Semasaba

Zheng

et al. 2020

IET Software

View full text Add to dashboard Cite

Vulnerabilities in software source code are one of the critical issues in the realm of software code auditing. Due to their high impact, several approaches have been studied in the past few years to mitigate the damages from such vulnerabilities. Among the approaches, deep learning has gained popularity throughout the years to address such issues. In this literature survey, the authors provide an extensive review of the many works in the field software vulnerability analysis that utilise deep learning‐based techniques. The reviewed works are systemised according to their objectives (i.e. the type of vulnerability analysis aspect), the area of focus (i.e. the focus area of the analysis), what information about source code is used (i.e. the features), and what deep learning techniques they employ (i.e. what algorithm is used to process the input and produce the output). They also study the limitations of the papers and topical trends concerning vulnerability analysis.

show abstract

Section: Taxonomy Of Deep Learning Techniques For Source Code Vulnementioning

confidence: 99%

Section: Taxonomy Of Deep Learning Techniques For Source Code Vulnementioning

confidence: 99%

Section: Taxonomy Of Deep Learning Techniques For Source Code Vulnementioning

confidence: 99%

Section: Taxonomy Of Deep Learning Techniques For Source Code Vulnementioning

confidence: 99%

Section: Issues and Challengesmentioning

confidence: 99%

See 3 more Smart Citations

Literature survey of deep learning-based vulnerability analysis on source code

Semasaba

Zheng

et al. 2020

IET Software

View full text Add to dashboard Cite

show abstract

Multi-class vulnerability prediction using value flow and graph neural networks

McLaughlin,

2024

Neural Comput & Applic

View full text Add to dashboard Cite

In recent years, machine learning models have been increasingly used to detect security vulnerabilities in software, due to their ability to achieve high performance and lower false positive rates compared to traditional program analysis tools. However, these models often lack the capability to provide a clear explanation for why a program has been flagged as vulnerable, leaving developers with little reasoning to work with. We present a new method which not only identifies the presence of vulnerabilities in a program, but also the specific type of error, considering the whole program rather than just individual functions. Our approach utilizes graph neural networks that employ inter-procedural value flow graphs, and instruction embedding from the LLVM Intermediate Representation, to predict a class. By mapping these classes to the Common Weakness Enumeration list, we provide a clear indication of the security issue found, saving developers valuable time which would otherwise be spent analyzing a binary vulnerable/non-vulnerable label. To evaluate our method’s effectiveness, we used two datasets: one containing memory-related errors (out of bound array accesses), and the other a range of vulnerabilities from the Juliet Test Suite, including buffer and integer overflows, format strings, and invalid frees. Our model, implemented using PyTorch and the Gated Graph Sequence Neural Network from Torch-Geometric, achieved a precision of 96.35 and 91.59% on the two datasets, respectively. Compared to common static analysis tools, our method produced roughly half the number of false positives, while identifying approximately three times the number of vulnerable samples. Compared to recent machine learning systems, we achieve similar performance while offering the added benefit of differentiating between classes. Overall, our approach represents a meaningful improvement in software vulnerability detection, providing developers with valuable insights to better secure their code.

show abstract

Identifying algorithm in program code based on structural features using CNN classification model

et al. 2022

View full text Add to dashboard Cite

In software, an algorithm is a well-organized sequence of actions that provides the optimal way to complete a task. Algorithmic thinking is also essential to break-down a problem and conceptualize solutions in some steps. The proper selection of an algorithm is pivotal to improve computational performance and software productivity as well as to programming learning. That is, determining a suitable algorithm from a given code is widely relevant in software engineering and programming education. However, both humans and machines find it difficult to identify algorithms from code without any meta-information. This study aims to propose a program code classification model that uses a convolutional neural network (CNN) to classify codes based on the algorithm. First, program codes are transformed into a sequence of structural features (SFs). Second, SFs are transformed into a one-hot binary matrix using several procedures. Third, different structures and hyperparameters of the CNN model are fine-tuned to identify the best model for the code classification task. To do so, 61,614 real-world program codes of different types of algorithms collected from an online judge system are used to train, validate, and evaluate the model. Finally, the experimental results show that the proposed model can identify algorithms and classify program codes with a high percentage of accuracy. The average precision, recall, and F-measure scores of the best CNN model are 95.65%, 95.85%, and 95.70%, respectively, indicating that it outperforms other baseline models.

show abstract

Vulnerability Detection for Source Code Using Contextual LSTM

Cited by 21 publications

References 9 publications

Literature survey of deep learning-based vulnerability analysis on source code

Literature survey of deep learning-based vulnerability analysis on source code

Multi-class vulnerability prediction using value flow and graph neural networks

Identifying algorithm in program code based on structural features using CNN classification model

Contact Info

Product

Resources

About