SySeVR: A Framework for Using Deep Learning to Detect Software Vulnerabilities 论文

2021IEEE Transactions on Dependable and Secure Computing引用 553
Information and Cyber SecurityWeb Application Security VulnerabilitiesSoftware Engineering Research

详细信息

发表期刊/会议
IEEE Transactions on Dependable and Secure Computing
发表日期
2021-02-09
发表年份
2021

关键词

Information and Cyber SecurityWeb Application Security VulnerabilitiesSoftware Engineering Research

摘要

The detection of software vulnerabilities (or vulnerabilities for short) is an important problem that has yet to be tackled, as manifested by the many vulnerabilities reported on a daily basis. This calls for machine learning methods for vulnerability detection. Deep learning is attractive for this purpose because it alleviates the requirement to manually define features. Despite the tremendous success of deep learning in other application domains, its applicability to vulnerability detection is not systematically understood. In order to fill this void, we propose the <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">first</i> systematic framework for using deep learning to detect vulnerabilities in C/C++ programs with source code. The framework, dubbed <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"><u>Sy</u>ntax-based, <u>Se</u>mantics-based, and <u>V</u>ector <u>R</u>epresentations</i> (SySeVR), focuses on obtaining program representations that can accommodate syntax and semantic information pertinent to vulnerabilities. Our experiments with four software products demonstrate the usefulness of the framework: we detect 15 vulnerabilities that are not reported in the National Vulnerability Database. Among these 15 vulnerabilities, seven are unknown and have been reported to the vendors, and the other eight have been “silently” patched by the vendors when releasing newer versions of the pertinent software products.

作者

暂无数据

相关技术

暂无数据

相关事件

暂无数据

相关文章

暂无数据