VMCDL: Vulnerability Mining Based on Cascaded Deep Learning Under Source Control Flow

by   Wen Zhou, et al.

With the rapid development of the computer industry and computer software, the risk of software vulnerabilities being exploited has greatly increased. However, there are still many shortcomings in the existing mining techniques for leakage source research, such as high false alarm rate, coarse-grained detection, and dependence on expert experience. In this paper, we mainly use the c/c++ source code data of the SARD dataset, process the source code of CWE476, CWE469, CWE516 and CWE570 vulnerability types, test the Joern vulnerability scanning function of the cutting-edge tool, and propose a new cascading deep learning model VMCDL based on source code control flow to effectively detect vulnerabilities. First, this paper uses joern to locate and extract sensitive functions and statements to form a sensitive statement library of vulnerable code. Then, the CFG flow vulnerability code snippets are generated by bidirectional breadth-first traversal, and then vectorized by Doc2vec. Finally, the cascade deep learning model based on source code control flow is used for classification to obtain the classification results. In the experimental evaluation, we give the test results of Joern on specific vulnerabilities, and give the confusion matrix and label data of the binary classification results of the model algorithm on single vulnerability type source code, and compare and verify the five indicators of FPR, FNR, ACC, P and F1, respectively reaching 10.30 that it can effectively reduce the false alarm rate of static analysis.


page 12

page 14


DCDetector: An IoT terminal vulnerability mining system based on distributed deep ensemble learning under source code representation

Context: The IoT system infrastructure platform facility vulnerability a...

An Unbiased Transformer Source Code Learning with Semantic Vulnerability Graph

Over the years, open-source software systems have become prey to threat ...

Predicting sensitive information leakage in IoT applications using flows-aware machine learning approach

This paper presents an approach for identification of vulnerable IoT app...

GraphEye: A Novel Solution for Detecting Vulnerable Functions Based on Graph Attention Network

With the continuous extension of the Industrial Internet, cyber incident...

SeqTrans: Automatic Vulnerability Fix via Sequence to Sequence Learning

Software vulnerabilities are now reported at an unprecedented speed due ...

Semantic Learning and Emulation Based Cross-platform Binary Vulnerability Seeker

Clone detection is widely exploited for software vulnerability search. T...

VELVET: a noVel Ensemble Learning approach to automatically locate VulnErable sTatements

Automatically locating vulnerable statements in source code is crucial t...

Please sign up or login with your details

Forgot password? Click here to reset