Abstract

This study presents a systematic literature review of software vulnerability detection (SVD), based on a search of the ACM and IEEE databases for related literature. Using the Preferred Reporting Items for Systematic Reviews and Meta-Analyses (PRISMA) flowchart, a total of 55 studies published in the selected journals and conference proceedings of IEEE and ACM from 2015 to 2021 were reviewed. The objective is to identify, select and critically evaluate research works carried out on software vulnerability detection. The selected articles were grouped into 7 categories across various vulnerability detection evaluation criteria, namely neural network – 5 papers, machine learning – 11 papers, static and dynamic analysis – 8 papers, code clone – 3 papers, classification – 4 papers, models – 3 papers, and frameworks – 6 papers. There are 15 articles that could not be placed in any of these 7 categories; they were therefore placed in an "others" row, as they used different criteria to implement vulnerability detection. The results showed that many researchers used a machine learning strategy to detect vulnerabilities in software, since a large volume of data can be reviewed easily with machine learning. Although many systems have been developed for detecting software vulnerabilities, none is able to show the type of vulnerability detected.
