Litcius/Paper detail

Code Vulnerability Detection Based on Deep Sequence and Graph Models: A Survey

Bolun Wu, Futai Zou

2022Security and Communication Networks30 citationsDOIOpen Access PDF

Abstract

With the flourishing of the open-source software community, the problem of software vulnerabilities is becoming more and more serious. Hence, it is urgent to come up with an effective and efficient code vulnerability detection method. Source code vulnerability detection techniques used in practice today like symbolic execution and fuzz testing suffer from high false positives and low code coverage, respectively. Traditional machine-learning-based solutions fail to cope with the diversity of vulnerabilities. To overcome these drawbacks, a large number of deep-learning-based code vulnerability detection works have emerged, aiming at building powerful neural network models to fully learn code semantics and vulnerability patterns. In this survey, we mainly focus on code vulnerability detection approaches based on deep sequence modeling and graph modeling technologies. Our goal is to investigate how these two methods are applied to facilitate code vulnerability detection. We also go over current prevailing datasets that are used to evaluate detection models. At last, we identify the current challenges in this field and share our views on future work.

Topics & Concepts

Computer scienceVulnerability (computing)False positive paradoxSecure codingSource codeCode (set theory)Deep learningSoftwareField (mathematics)Artificial intelligenceMachine learningComputer securitySoftware security assuranceProgramming languageInformation securitySet (abstract data type)Pure mathematicsSecurity serviceMathematicsSoftware Engineering ResearchAdvanced Malware Detection TechniquesSoftware System Performance and Reliability
Code Vulnerability Detection Based on Deep Sequence and Graph Models: A Survey | Litcius