软件漏洞预测知识在编程语言间的传递

International Conference on Evaluation of Novel Approaches to Software Engineering Pub Date : 2023-03-10 DOI:10.48550/arXiv.2303.06177

Khadija Hanifi, R. Fouladi, Basak Gencer Unsalver, Goksu Karadag

{"title":"软件漏洞预测知识在编程语言间的传递","authors":"Khadija Hanifi, R. Fouladi, Basak Gencer Unsalver, Goksu Karadag","doi":"10.48550/arXiv.2303.06177","DOIUrl":null,"url":null,"abstract":"Developing automated and smart software vulnerability detection models has been receiving great attention from both research and development communities. One of the biggest challenges in this area is the lack of code samples for all different programming languages. In this study, we address this issue by proposing a transfer learning technique to leverage available datasets and generate a model to detect common vulnerabilities in different programming languages. We use C source code samples to train a Convolutional Neural Network (CNN) model, then, we use Java source code samples to adopt and evaluate the learned model. We use code samples from two benchmark datasets: NIST Software Assurance Reference Dataset (SARD) and Draper VDISC dataset. The results show that proposed model detects vulnerabilities in both C and Java codes with average recall of 72\\%. Additionally, we employ explainable AI to investigate how much each feature contributes to the knowledge transfer mechanisms between C and Java in the proposed model.","PeriodicalId":420861,"journal":{"name":"International Conference on Evaluation of Novel Approaches to Software Engineering","volume":"74 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2023-03-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"Software Vulnerability Prediction Knowledge Transferring Between Programming Languages\",\"authors\":\"Khadija Hanifi, R. Fouladi, Basak Gencer Unsalver, Goksu Karadag\",\"doi\":\"10.48550/arXiv.2303.06177\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Developing automated and smart software vulnerability detection models has been receiving great attention from both research and development communities. One of the biggest challenges in this area is the lack of code samples for all different programming languages. In this study, we address this issue by proposing a transfer learning technique to leverage available datasets and generate a model to detect common vulnerabilities in different programming languages. We use C source code samples to train a Convolutional Neural Network (CNN) model, then, we use Java source code samples to adopt and evaluate the learned model. We use code samples from two benchmark datasets: NIST Software Assurance Reference Dataset (SARD) and Draper VDISC dataset. The results show that proposed model detects vulnerabilities in both C and Java codes with average recall of 72\\\\%. Additionally, we employ explainable AI to investigate how much each feature contributes to the knowledge transfer mechanisms between C and Java in the proposed model.\",\"PeriodicalId\":420861,\"journal\":{\"name\":\"International Conference on Evaluation of Novel Approaches to Software Engineering\",\"volume\":\"74 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2023-03-10\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"International Conference on Evaluation of Novel Approaches to Software Engineering\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.48550/arXiv.2303.06177\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Conference on Evaluation of Novel Approaches to Software Engineering","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.48550/arXiv.2303.06177","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 1

摘要

开发自动化、智能化的软件漏洞检测模型一直受到研发界的高度关注。该领域最大的挑战之一是缺乏所有不同编程语言的代码示例。在本研究中，我们通过提出一种迁移学习技术来解决这个问题，该技术利用可用的数据集并生成一个模型来检测不同编程语言中的常见漏洞。我们使用C源代码样本来训练卷积神经网络(CNN)模型，然后使用Java源代码样本来采用和评估学习到的模型。我们使用了来自两个基准数据集的代码样本:NIST软件保证参考数据集(SARD)和Draper VDISC数据集。结果表明，该模型在C和Java代码中均能检测到漏洞，平均召回率为72%。此外，我们使用可解释的人工智能来研究每个特征对所提出模型中C和Java之间的知识转移机制的贡献程度。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Software Vulnerability Prediction Knowledge Transferring Between Programming Languages

Developing automated and smart software vulnerability detection models has been receiving great attention from both research and development communities. One of the biggest challenges in this area is the lack of code samples for all different programming languages. In this study, we address this issue by proposing a transfer learning technique to leverage available datasets and generate a model to detect common vulnerabilities in different programming languages. We use C source code samples to train a Convolutional Neural Network (CNN) model, then, we use Java source code samples to adopt and evaluate the learned model. We use code samples from two benchmark datasets: NIST Software Assurance Reference Dataset (SARD) and Draper VDISC dataset. The results show that proposed model detects vulnerabilities in both C and Java codes with average recall of 72\%. Additionally, we employ explainable AI to investigate how much each feature contributes to the knowledge transfer mechanisms between C and Java in the proposed model.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

International Conference on Evaluation of Novel Approaches to Software Engineering

自引率

0.00%

发文量