An Effective Software Vulnerability Detection Method Based On Devised Deep-Learning Model To Fix The Vague Separation

Abstract

SVD(Software Vulnerability Detection) methods based on automated deep learning is critical in software safety, they are designable and promising. Several function-level deep-learning SVD methods achieve an accuracy of up to 0.97 on open-source C/C++ datasets. However, as vulnerable samples have a low proportion in existing open-source datasets, these methods suffer from high false negative rate, they fail to identify cross-domain software vulnerabilities for neglecting the imbalance and vague separation of existing datasets. This paper proposes a novel framework based on the SeqGAN and TextCNN to fix the vague separation of aggregated 7 open-source C/C++ datasets, therefore improving the performance of SVD. As a result, SeqGAN&TextCNN scores 0.9385 of F1 score, compared with merely adopting the TextCNN, the method achieves an increase of 119% in recall and 31.31% in precision, and from the separations plotted by t-SNE, SeqGAN effectively improves the separation of original datasets. SeqGAN&TextCNN detects more vulnerable samples with low false negative rate, the method’ s F1 score is 79.58% higher than that of leveraging the VulDeePecker on 7 open-source C/C++ datasets.