Litcius/Paper detail

Deep Learning for Software Vulnerabilities Detection Using Code Metrics

Mohammed Zagane, Mustapha Kamel Abdi, Mamdouh Alenezi

2020IEEE Access70 citationsDOIOpen Access PDF

Abstract

Software vulnerability can cause disastrous consequences for information security. Earlier detection of vulnerabilities minimizes these consequences. Manual detection of vulnerable code is very difficult and very costly in terms of time and budget. Therefore, developers must use automatic vulnerabilities prediction (AVP) tools to minimize costs. Recent works on AVP begin to use techniques of deep learning (DL). All the proposed approaches are based on techniques of feature extraction inspired by previous applications of DL such as automatic language processing. Code metrics were widely used as features to build AVP models based on classic machine learning. This study bridges the gap between deep learning and machine learning features and discusses a deep-learning-based approach to finding vulnerabilities in code using code metrics. Obtained results show that code metrics are very good but not the better to use as features in DL-based AVP.

Topics & Concepts

Computer scienceSecure codingCode (set theory)SoftwareSoftware bugSoftware security assuranceSoftware engineeringProgramming languageComputer securityInformation securitySecurity serviceSet (abstract data type)Software Engineering ResearchSoftware Reliability and Analysis ResearchSoftware Testing and Debugging Techniques