Deakin University
Browse

File(s) under permanent embargo

Automatic Feature Learning for Predicting Vulnerable Software Components

Version 2 2024-06-06, 09:06
Version 1 2019-01-24, 15:10
journal contribution
posted on 2024-06-06, 09:06 authored by HK Dam, Truyen TranTruyen Tran, T Pham, SW Ng, J Grundy, A Ghose
IEEE Code flaws or vulnerabilities are prevalent in software systems and can potentially cause a variety of problems including deadlock, hacking, information loss and system failure. A variety of approaches have been developed to try and detect the most likely locations of such code vulnerabilities in large code bases. Most of them rely on manually designing code features (e.g. complexity metrics or frequencies of code tokens) that represent the characteristics of the potentially problematic code to locate. However, all suffer from challenges in sufficiently capturing both semantic and syntactic representation of source code, an important capability for building accurate prediction models. In this paper, we describe a new approach, built upon the powerful deep learning Long Short Term Memory model, to automatically learn both semantic and syntactic features of code. Our evaluation on 18 Android applications and the Firefox application demonstrates that the prediction power obtained from our learned features is better than what is achieved by state of the art vulnerability prediction models, for both within-project prediction and cross-project prediction.

History

Journal

IEEE Transactions on Software Engineering

Volume

47

Pagination

67-85

Location

Piscataway, N.J.

ISSN

0098-5589

eISSN

1939-3520

Language

English

Notes

In Press

Publication classification

C Journal article, C1 Refereed article in a scholarly journal

Copyright notice

2018, IEEE

Issue

1

Publisher

IEEE COMPUTER SOC