Abstract

Cryptography is a ubiquitous tool in secure software development in order to guarantee security requirements in general. However, software developers have scarce knowledge about cryptography and rely on limited support tools that cannot properly detect bad uses of cryptography, thus generating vulnerabilities in software. In this work, we extend the scarcely use of machine learning to detect cryptography misuse in source code by using a state of the art deep learning model (i.e., <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">code2vec</i> ) through transfer learning to generate features that feed machine learning models. In addition, we compare this approach to previous ones in different types of binary models. Also, we adapt code obfuscation to serve as data augmentation in machine learning source code related tasks. Finally, we show that through transfer learning <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">code2vec</i> can be a competitive feature generator for cryptography misuse detection and simple code obfuscation can be used to generate data to enhance machine learning models training in source code related tasks.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.