A Hierarchical Deep Neural Network for Detecting Lines of Codes with Vulnerabilities

11/15/2022
by Arash Mahyari, et al.

Software vulnerabilities, caused by unintentional flaws in source code, are the main root cause of cyberattacks. Static analysis of source code has been used extensively to detect the unintentional defects, i.e. vulnerabilities, that software developers introduce into source code. In this paper, we propose a deep learning approach that detects vulnerabilities from their LLVM IR representations, based on techniques used in natural language processing. The proposed approach uses a hierarchical process: it first identifies source code with vulnerabilities, and then identifies the lines of code that contribute to the vulnerability within the detected source code. This two-step approach reduces false alarms when detecting vulnerable lines. Our extensive experiments on real-world and synthetic code collected in NVD and SARD show high accuracy (about 98%) in detecting source code vulnerabilities.
