Using Multiple Code Representations to Prioritize Static Analysis Warnings

09/25/2022
by Thanh Trong Vu et al.

To ensure software quality and to prevent attacks on critical systems, static analysis tools are frequently used to detect vulnerabilities early in development. However, these tools often report a large number of warnings with a high false-positive rate, which leaves developers with a heavy triage burden. In this paper, we introduce VulRG, a novel approach to address this problem. Specifically, VulRG predicts the likelihood that each warning is a true positive and ranks the warnings accordingly. To predict that likelihood, VulRG combines two deep learning models, a CNN and a BiGRU, to capture the context of each warning in terms of program syntax, control flow, and program dependence. Our experimental results on a real-world dataset of 6,620 warnings show that VulRG's Recall at Top-50 VulRG, 90 warnings. Moreover, at Top-5 by +30
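The abstract evaluates VulRG with Recall at Top-k, i.e. the share of true-positive warnings a reviewer reaches after examining only the top k percent of the ranked list. The following is an added example, not code from the paper or from VulRG: it takes a constructed set of warnings with invented classifier scores (standing in for the CNN+BiGRU output) and ground-truth labels, ranks them by score, and compares recall and precision within a fixed triage budget against the order in which the tool originally reported them. The "Top-k means top k percent" reading and the sample data are assumptions.

```python
"""Rank static-analysis warnings by predicted true-positive probability and
measure how many real vulnerabilities a reviewer finds within a triage budget.
Added illustration; not VulRG's code. Scores below are constructed, standing
in for a classifier's output (VulRG uses a CNN+BiGRU; any scorer fits here)."""
from dataclasses import dataclass
import math


@dataclass(frozen=True)
class StaticWarning:
    ident: str              # warning identifier as reported by the tool
    score: float            # predicted probability of being a true positive
    is_true_positive: bool  # ground-truth label from manual triage


# Constructed sample, listed in the order the analysis tool reported them.
# Scores are invented; in practice they come from the trained ranking model.
SAMPLE_WARNINGS = [
    StaticWarning("W10", 0.10, False),
    StaticWarning("W8", 0.30, False),
    StaticWarning("W2", 0.90, False),
    StaticWarning("W1", 0.95, True),
    StaticWarning("W5", 0.60, False),
    StaticWarning("W7", 0.40, True),
    StaticWarning("W9", 0.20, False),
    StaticWarning("W3", 0.85, True),
    StaticWarning("W6", 0.55, False),
    StaticWarning("W4", 0.70, True),
]


def rank_warnings(warnings):
    """Order warnings so the most likely true positives come first."""
    return sorted(warnings, key=lambda w: w.score, reverse=True)


def top_fraction(ordered, fraction):
    """The first `fraction` (0..1] of an ordered list, rounded up so a
    non-empty list always yields at least one warning."""
    if not 0.0 < fraction <= 1.0:
        raise ValueError("fraction must be in (0, 1]")
    return ordered[: math.ceil(len(ordered) * fraction)]


def recall_at_top(ordered, fraction):
    """Share of all true positives that appear in the top `fraction`."""
    total = sum(w.is_true_positive for w in ordered)
    if total == 0:
        return 0.0
    found = sum(w.is_true_positive for w in top_fraction(ordered, fraction))
    return found / total


def precision_at_top(ordered, fraction):
    """Share of the top `fraction` that are true positives."""
    head = top_fraction(ordered, fraction)
    return sum(w.is_true_positive for w in head) / len(head)


def compare_orderings(warnings, fractions=(0.05, 0.2, 0.5)):
    """Recall at each budget for the tool's own order versus the model's
    ranking. Returns {fraction: (tool_order_recall, ranked_recall)}."""
    ranked = rank_warnings(warnings)
    return {
        f: (recall_at_top(warnings, f), recall_at_top(ranked, f))
        for f in fractions
    }


if __name__ == "__main__":
    ranked = rank_warnings(SAMPLE_WARNINGS)
    for f, (tool_r, ranked_r) in compare_orderings(SAMPLE_WARNINGS).items():
        print(f"Top-{int(f * 100)}%: recall tool-order={tool_r:.2f} "
              f"ranked={ranked_r:.2f} "
              f"precision ranked={precision_at_top(ranked, f):.2f}")
```

On the constructed sample, reviewing the top half of the ranked list reaches three of the four true positives, while the same budget spent in the tool's own reporting order reaches one. That gap is what a Recall at Top-k figure such as the abstract's Top-50 result captures: with a fixed review budget, the ranking decides how many real vulnerabilities get looked at, regardless of how many warnings the tool emits in total.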


Related research

- 10/07/2021: Ranking Warnings of Static Analysis Tools Using Representation Learning. Static analysis tools are frequently used to detect potential vulnerabil...
- 06/27/2023: Automated Static Warning Identification via Path-based Semantic Representation. Despite their ability to aid developers in detecting potential defects e...
- 05/04/2023: A Study of Static Warning Cascading Tools (Experience Paper). Static analysis is widely used for software assurance. However, static a...
- 04/21/2021: Assessing Validity of Static Analysis Warnings using Ensemble Learning. Static Analysis (SA) tools are used to identify potential weaknesses in ...
- 08/29/2018: Towards security defect prediction with AI. In this study, we investigate the limits of the current state of the art...
- 05/21/2022: How to Find Actionable Static Analysis Warnings. Automatically generated static code warnings suffer from a large number ...
- 11/12/2019: MCPA: Program Analysis as Machine Learning. Static program analysis today takes an analytical approach which is quit...
