Abstract
Software vulnerability can cause disastrous consequences for information security. Earlier detection of vulnerabilities minimizes these consequences. Manual detection of vulnerable code is very difficult and very costly in terms of time and budget. Therefore, developers must use automatic vulnerabilities prediction (AVP) tools to minimize costs. Recent works on AVP begin to use techniques of deep learning (DL). All the proposed approaches are based on techniques of feature extraction inspired by previous applications of DL such as automatic language processing. Code metrics were widely used as features to build AVP models based on classic machine learning. This study bridges the gap between deep learning and machine learning features and discusses a deep-learning-based approach to finding vulnerabilities in code using code metrics. Obtained results show that code metrics are very good but not the better to use as features in DL-based AVP.
Highlights
The presence of vulnerabilities in software is inevitable because writing secure code is very difficult and requires a lot of expertise
This study will try to answer the following main research question: RQ: Since code metrics were successfully used as features to build vulnerability prediction models (VPMs) based on classic machine learning techniques, can they be used as features with deep learning to detect vulnerabilities?
This study aims to evaluating code metrics as features for deep learning to detect software vulnerabilities
Summary
The presence of vulnerabilities in software is inevitable because writing secure code is very difficult and requires a lot of expertise. To assist developers and minimize these costs, tools that can automatically predict vulnerable source entities (file, function, etc.) must be used to let developers focus their efforts on most likely vulnerable components. These costs can be minimized even more if the used tools can identify the exact location of vulnerabilities (vulnerable source lines). We begin by giving the context of the study by presenting all concepts related to it (deep neural networks, vulnerability prediction, and code slicing) after that we terminate by citing most related works. Most deep learning techniques are based on artificial neural networks (ANN). The data processing that occurs in each AN is very simple, but the global behavior of the whole network generated by the interaction of its ANs leads to solving complex problems [1]
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
