Using Machine Learning for Vulnerability Detection and Classification
Top 1% of 2018 papers
Abstract
The work described in this paper aims at developing a machine-learning-based tool for the automatic identification of vulnerabilities in programs (high-level source code), using an abstract syntax tree representation. It is based on FastScan and uses the code2seq approach. FastScan is a recently developed system capable of detecting vulnerabilities in source code using machine learning techniques. Nevertheless, FastScan is not able to identify the vulnerability type. The main goal of the presented work is to go further and develop a method to identify specific types of vulnerabilities. As will be shown, this goal is achieved by optimizing the model's hyperparameters, changing the method of preprocessing the input data, and developing an architecture that brings together multiple models to predict different specific vulnerabilities. The preliminary results obtained from the training stage are very promising. The best F1 metric obtained is 93%, resulting in a precision of 90% and accuracy of 85%, according to the performed tests and regarding a model trained to predict vulnerabilities of the injection type.