DeepAI AI Chat
Log In Sign Up

Multi-context Attention Fusion Neural Network for Software Vulnerability Identification

04/19/2021
by   Anshul Tanwar, et al.
0

Security issues in shipped code can lead to unforeseen device malfunction, system crashes or malicious exploitation by crackers, post-deployment. These vulnerabilities incur a cost of repair and foremost risk the credibility of the company. It is rewarding when these issues are detected and fixed well ahead of time, before release. Common Weakness Estimation (CWE) is a nomenclature describing general vulnerability patterns observed in C code. In this work, we propose a deep learning model that learns to detect some of the common categories of security vulnerabilities in source code efficiently. The AI architecture is an Attention Fusion model, that combines the effectiveness of recurrent, convolutional and self-attention networks towards decoding the vulnerability hotspots in code. Utilizing the code AST structure, our model builds an accurate understanding of code semantics with a lot less learnable parameters. Besides a novel way of efficiently detecting code vulnerability, an additional novelty in this model is to exactly point to the code sections, which were deemed vulnerable by the model. Thus helping a developer to quickly focus on the vulnerable code sections; and this becomes the "explainable" part of the vulnerability detection. The proposed AI achieves 98.40 specific CWEs from the benchmarked NIST SARD dataset and compares well with state of the art.

READ FULL TEXT
11/25/2022

Deep-Learning-based Vulnerability Detection in Binary Executables

The identification of vulnerabilities is an important element in the sof...
07/19/2021

CVEfixes: Automated Collection of Vulnerabilities and Their Fixes from Open-Source Software

Data-driven research on the automated discovery and repair of security v...
05/25/2022

VulBERTa: Simplified Source Code Pre-Training for Vulnerability Detection

This paper presents VulBERTa, a deep learning approach to detect securit...
02/23/2023

Detecting software vulnerabilities using Language Models

Recently, deep learning techniques have garnered substantial attention f...
01/12/2023

Against Algorithmic Exploitation of Human Vulnerabilities

Decisions such as which movie to watch next, which song to listen to, or...
05/05/2022

The Race to the Vulnerable: Measuring the Log4j Shell Incident

The critical remote-code-execution (RCE) Log4Shell is a severe vulnerabi...