{"title":"VulnMiner: A comprehensive framework for vulnerability collection from C/C++ source code projects","authors":"Guru Bhandari, Nikola Gavric, Andrii Shalaginov","doi":"10.1016/j.simpa.2024.100713","DOIUrl":null,"url":null,"PeriodicalId":29771,"journal":{"name":"Software Impacts","volume":"22","pages":"Article 100713"},"PeriodicalIF":1.3000,"publicationDate":"2024-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Software Impacts","FirstCategoryId":"1085","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S2665963824001015","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, SOFTWARE ENGINEERING","Score":null,"Total":0}
VulnMiner: A comprehensive framework for vulnerability collection from C/C++ source code projects
The study introduces VulnMiner, a comprehensive framework encompassing a data extraction tool tailored for identifying vulnerabilities in C/C++ source code. Moreover, it unveils an initial release of a vulnerability dataset, curated from prevalent projects and annotated with vulnerable and benign instances. This dataset incorporates projects with vulnerabilities labeled as Common Weakness Enumeration (CWE) categories. The developed open-source extraction tool collects vulnerability data utilizing static security analyzers. The study also supports the effectiveness of machine learning (ML) and natural language processing (NLP) models in accurately classifying vulnerabilities, as evidenced by the identification of numerous weaknesses in open-source projects.