Software Vulnerability Detection Research Articles

Research on Software Vulnerability Detection Methods Based on Deep Learning

This paper aims to investigate software vulnerability detection methods based on deep learning to address the ever-growing challenges in software security. With the rapid development of information technology, software vulnerabilities have become the primary targets of cyberattacks, posing severe threats to economic, military, and social security. By analyzing the limitations of existing software vulnerability detection methods, this paper explores the potential applications of deep learning technology in this field. Through a literature review, relevant theories of software vulnerabilities are introduced, including the concept, types, and impacts of vulnerabilities. Subsequently, detailed descriptions of deep learning-based vulnerability detection methods are provided, encompassing Convolutional Neural Networks (CNNs), Recurrent Neural Networks (RNNs) and their variant LSTM, as well as the application of program slicing techniques in vulnerability detection. By evaluating and improving existing deep learning models, a novel deep learning-based vulnerability detection framework is proposed, with its workflow and technical principles elaborated. The proposed deep learning-based vulnerability detection method can effectively enhance the accuracy and efficiency of software vulnerability detection, reduce reliance on expert knowledge, and lower human resource costs. Experimental results demonstrate that this method performs exceptionally well on multiple datasets, indicating broad application prospects and significant research value. The deep learning-based software vulnerability detection method offers new insights and tools for addressing current software security challenges. In the future, with the continuous development and improvement of deep learning technology, this method will play an even more crucial role in the field of software vulnerability detection.

DLAP: A Deep Learning Augmented Large Language Model Prompting framework for software vulnerability detection

Software vulnerability detection is generally supported by automated static analysis tools, which have recently been reinforced by deep learning (DL) models. However, despite the superior performance of DL-based approaches over rule-based ones in research, applying DL approaches to software vulnerability detection in practice remains a challenge. This is due to the complex structure of source code, the black-box nature of DL, and the extensive domain knowledge required to understand and validate the black-box results for addressing tasks after detection. Conventional DL models are trained by specific projects and, hence, excel in identifying vulnerabilities in these projects but not in others. These models with poor performance in vulnerability detection would impact the downstream tasks such as location and repair. More importantly, these models do not provide explanations for developers to comprehend detection results. In contrast, Large Language Models (LLMs) with prompting techniques achieve stable performance across projects and provide explanations for results. However, using existing prompting techniques, the detection performance of LLMs is relatively low and cannot be used for real-world vulnerability detections. This paper contributes DLAP, a Deep Learning Augmented LLMs Prompting framework that combines the best of both DL models and LLMs to achieve exceptional vulnerability detection performance. Experimental evaluation results confirm that DLAP outperforms state-of-the-art prompting frameworks, including role-based prompts, auxiliary information prompts, chain-of-thought prompts, and in-context learning prompts, as well as fine-turning on multiple metrics.

VulTR: Software vulnerability detection model based on multi-layer key feature enhancement

Software vulnerabilities pose a huge threat to current network security, which continues to lead to data leaks and system damage. In order to effectively identify and patch these vulnerabilities, researchers have proposed automated detection methods based on deep learning. However, most of the existing methods only rely on single-dimensional data representation and fail to fully explore the composite characteristics of the code. Among them, the sequence embedding method fails to effectively capture the structural characteristics of the code, while the graph embedding method focuses more on the global characteristics of the overall graph structure and is still insufficient in optimizing the representation of nodes. In view of this, this paper constructs the VulTR model, which incorporates an importance assessment mechanism to strengthen the key syntax levels of the source code (from lexical elements to nodes and graph-level structures), significantly improving the importance of key vulnerability features in classification decisions. At the same time, a relationship connection diagram is constructed to describe the spatial characteristics of the correlations between functions. Experimentally verified, VulTR's F1 scores on both synthetic and real data sets exceed those of the compared models (VulDeePecker, SySeVR, Devign, VulCNN, IVDetect, and mVulPreter).

Survey of deep learning models for vulnerability detection

With the rapid development of information technology, software security issues have become increasingly prominent, especially the importance of software vulnerability detection technology, which has continued to increase. This paper reviews vulnerability detection technology based on neural networks, with a special focus on two widely used models: Devign and CodeBERT. By analyzing the working principles and processes of these two models, their performance and advantages in dealing with vulnerability detection tasks in complex codes are explored. With the advancement of technology, an analysis is conducted on the update and development of these two different technologies from various perspectives. At the same time, this paper also analyzes the challenges that existing models may encounter and proposes future development directions, including data processing, model design improvements, and innovations in feature extraction technology, in order to improve the accuracy and efficiency of vulnerability detection technology.

Fine-grained vulnerability detection for medical sensor systems

The Internet of Things (IoT) has revolutionized the healthcare system by connecting medical sensors to the internet, while also posing challenges to the security of medical sensor networks (MSN). Given the extreme sensitivity of medical data, any vulnerability may result in data breaches and misuse, impacting patient safety and privacy. Therefore, safeguarding MSN security is critical. As medical sensor devices rely on smart healthcare software systems for data management and communication, precisely detecting system code vulnerabilities is essential to ensuring network security. Effective software vulnerability detection targets two key objectives: (i) achieving high accuracy and (ii) directly identifying vulnerable code lines for developers to fix. To address these challenges, we introduce Vulcoder, a novel vulnerability-oriented, encoder-driven model based on the Bidirectional Encoder Representations from Transformers (BERT) architecture. We propose a one-to-one mapping function to capture code semantics through abstract syntax trees (AST). Combined with multi-head attention, Vulcoder achieves precise function- and line-level detection of software vulnerabilities in MSN. This accelerates the vulnerability remediation process, thereby strengthening network security. Experimental results on various datasets demonstrate that Vulcoder outperforms previous models in identifying vulnerabilities within MSN. Specifically, it achieves a 1%–419% improvement in function-level prediction F1 scores and a 12.5%–380% increase in line-level localization precision. Therefore, Vulcoder helps enhance security defenses and safeguard patient privacy in MSN, facilitating the development of smart healthcare.

Defect-scanner: a comparative empirical study on language model and deep learning approach for software vulnerability detection

Defect-scanner: a comparative empirical study on language model and deep learning approach for software vulnerability detection

Analyzing Threat Level of the Backdoor Attack Method for an Organization’s Operation

Backdoor attacks played a critical part in the catastrophe, as well as the overall impact of cyberattacks. Backdoor assaults are additionally influencing the landscape of malware and threats, forcing companies to concentrate more on detecting and establishing vulnerability tactics in order to avoid hostile backdoor threats. Despite advances in cybersecurity systems, backdoor assaults remain a source of concern because of their propensity to remain undetected long after the attack vector has been started. This research is aimed to examine the threats of backdoor attack methods in an organization's operational network, provide a full-scale review, and serve as direction for training and defensive measures. The fundamental inspiration was drawn from the alarming and involving threat in cybersecurity, which necessitates a better awareness of the level of risk and the concurrent requirement for increased security measures. Most traditional security solutions usually fail to detect harmful backdoors due to the stealthy nature of backdoor code within the system, necessitating a unique approach to full-scale threat analysis. A multi-phase approach that begins with considerable reading and examination of existing literature to get insight into typical backdoor attack methodologies and application methods. Following analysis, testing was carried out in a virtual lab in a controlled environment because thorough malware analysis testing must adhere to ethical and legal cyber testing laws to avoid any penalties or foolish breaches. This methodology also included testing on numerous attack channels combined with backdoor attacks, such as detecting software vulnerabilities, phishing emails, and direct payload injection, to determine the complexity of the different attack vectors. Each of the collected data is utilized to create a threat model that predicts the amount of risk associated with the backdoor attack approach. The finding contributes to the development of more resilient defence mechanisms, while also strengthening the overall organization's security architecture and protocols.

A comprehensive analysis on software vulnerability detection datasets: trends, challenges, and road ahead

As society’s dependence on information and communication systems (ICTs) grows, so does the necessity of guaranteeing the proper functioning and use of such systems. In this context, it is critical to enhance the security and robustness of the DevSecOps pipeline through timely vulnerability detection. Usually, AI-based models enable desirable features such as automation, performance, and efficacy. However, the quality of such models highly depends on the datasets used during the training stage. The latter encompasses a series of challenges yet to be solved, such as access to extensive labelled datasets with specific properties, such as well-represented and balanced samples. This article explores the current state of practice of software vulnerability datasets and provides a classification of the main challenges and issues. After an extensive analysis, it describes a set of guidelines and desirable features that datasets should guarantee. The latter is applied to create a new dataset, which fulfils these properties, along with a descriptive comparison with the state of the art. Finally, a discussion on how to foster good practices among researchers and practitioners sets the ground for further research and continued improvement within this critical domain.

Software installation threat detection based on attention mechanism and improved convolutional neural network in IOT platform

With of the Internet of Things (IoT) developing and the network technique progressing, malware attacks continue to occur, seriously endangering the information and property security of Internet of Things device users. To ensure the security of the Internet of Things platform and improve the efficiency of malware and vulnerability detection, a software installation threat detection model based on attention mechanism and improved convolutional neural network is constructed. Firstly, the enhanced dynamic symbolic execution module and forward program slicing algorithm are used to extract dynamic features, and then the improved convolutional neural network is utilized to classify malware. In the existing software of IoT devices, the inlining correlation function is studied using the inlining strategy, and the weight between the target pixel and the global pixel is calculated using the attention mechanism, through which the logic and correlation between the triples are correlated. Then, deep residual network is used to detect software vulnerabilities. This enables threat detection before and after software installation. In comparison with the current popular vulnerability detection model experiments, the accuracy, recall rate, accuracy rate and running time of the constructed model in the process of vulnerability detection are 0.975, 0.970, 0.968 and 0.02 s, respectively. Compared with other models, the research design model has better performance. This shows that this built model can effectively detect software installation threats, and has high detection accuracy and operation efficiency, which can provide strong support for the Internet of Things platform’s security protection.

Enhancing Software Code Vulnerability Detection Using GPT-4o and Claude-3.5 Sonnet: A Study on Prompt Engineering Techniques

This study investigates the efficacy of advanced large language models, specifically GPT-4o, Claude-3.5 Sonnet, and GPT-3.5 Turbo, in detecting software vulnerabilities. Our experiment utilized vulnerable and secure code samples from the NIST Software Assurance Reference Dataset (SARD), focusing on C++, Java, and Python. We employed three distinct prompting techniques as follows: Concise, Tip Setting, and Step-by-Step. The results demonstrate that GPT-4o and Claude-3.5 Sonnet significantly outperform GPT-3.5 Turbo in vulnerability detection. GPT-4o showed the highest improvement with the Step-by-Step prompt, achieving an F1 score of 0.9072. Claude-3.5 Sonnet exhibited consistent high performance across all prompt types, with its Step-by-Step prompt yielding the best overall results (F1 score: 0.8933, AUC: 0.74). In contrast, GPT-3.5 Turbo showed minimal performance changes across prompts, with the Tip Setting prompt performing best (AUC: 0.65, F1 score: 0.6772), yet significantly lower than the other models. Our findings highlight the potential of advanced models in enhancing software security and underscore the importance of prompt engineering in optimizing their performance.

An advanced computing approach for software vulnerability detection

An advanced computing approach for software vulnerability detection

IGnnVD: A novel software vulnerability detection model based on integrated graph neural networks

Software vulnerability detection is a challenging task in the security field, the boom of deep learning technology promotes the development of automatic vulnerability detection. Compared with sequence-based deep learning models, graph neural network (GNN) can learn the structural features of code, it performs well in the field of vulnerability detection for source code. However, different GNNs have different detection results for the same code, and using a single kind of GNN may lead to high false positive rate and false negative rate. In addition, the complex structure of source code causes single GNN model cannot effectively learn their depth feature, thereby leading to low detection accuracy. To solve these limitations, we propose a software vulnerability detection model called iGnnVD based on the integrated graph neural networks. In the proposed iGnnVD model, the base detectors including GCN, GAT and APPNP are first constructed to capture the bidirectional information in the code graph structure with bidirectional structure; And then, the residual connection is used to aggregate the features while retaining the features each time; Finally, the convolutional layer is used to perform the aggregated classification. In addition, an integration module that analyzes the detection results of three detectors for final classification is designed using a voting strategy to solve the problem of high false positive rate and false negative rate caused by using a single kind of base detector. We perform extensive experiments on three datasets and experimental results show that the proposed iGnnVD model can improve the detection accuracy of vulnerabilities in source code as well as reduce the false positive rate and false negative rate compared with existing deep learning-based vulnerability detection models, it also has good stability.

SecuGuard: Leveraging pattern-exploiting training in language models for advanced software vulnerability detection

SecuGuard: Leveraging pattern-exploiting training in language models for advanced software vulnerability detection

Multi-class vulnerability prediction using value flow and graph neural networks

In recent years, machine learning models have been increasingly used to detect security vulnerabilities in software, due to their ability to achieve high performance and lower false positive rates compared to traditional program analysis tools. However, these models often lack the capability to provide a clear explanation for why a program has been flagged as vulnerable, leaving developers with little reasoning to work with. We present a new method which not only identifies the presence of vulnerabilities in a program, but also the specific type of error, considering the whole program rather than just individual functions. Our approach utilizes graph neural networks that employ inter-procedural value flow graphs, and instruction embedding from the LLVM Intermediate Representation, to predict a class. By mapping these classes to the Common Weakness Enumeration list, we provide a clear indication of the security issue found, saving developers valuable time which would otherwise be spent analyzing a binary vulnerable/non-vulnerable label. To evaluate our method’s effectiveness, we used two datasets: one containing memory-related errors (out of bound array accesses), and the other a range of vulnerabilities from the Juliet Test Suite, including buffer and integer overflows, format strings, and invalid frees. Our model, implemented using PyTorch and the Gated Graph Sequence Neural Network from Torch-Geometric, achieved a precision of 96.35 and 91.59% on the two datasets, respectively. Compared to common static analysis tools, our method produced roughly half the number of false positives, while identifying approximately three times the number of vulnerable samples. Compared to recent machine learning systems, we achieve similar performance while offering the added benefit of differentiating between classes. Overall, our approach represents a meaningful improvement in software vulnerability detection, providing developers with valuable insights to better secure their code.

CatchFuzz: Reliable active anti-fuzzing techniques against coverage-guided fuzzer

Fuzzing techniques that can automatically detect software vulnerabilities are used widely today. However, attackers also abuse these fuzzing techniques to find software vulnerabilities in target programs. Researchers have proposed a number of anti-fuzzing techniques in response to this issue, but most of them cause significant computational overhead regardless of whether programs operate under the fuzzing environment or not. To this point, we develop a new anti-fuzzer called CatchFuzz, in which an anti-fuzzing algorithm is loaded only after detecting the fuzzing environment. CatchFuzz then breaks down the fuzzing strategy by directly disordering information used by the fuzzing system. These features ensure that there is little performance degradation during normal usage and make a fuzzer interpret an interesting input value as uninteresting. Also, CatchFuzz surpasses existing anti-fuzzing techniques by significantly reducing the number of detected crashes, while also addressing their current limitations. We conduct multiple empirical tests with nine real-world programs to evaluate CatchFuzz and compare our method with existing anti-fuzzers. Our tests show that CatchFuzz identifies the fuzzing environment with an accuracy of 99.6% and a false positive rate of 0.5%. CatchFuzz exhibits highly improved anti-fuzzing performance, as demonstrated by the significant reduction in the number of detected unique crashes by 95.39%.

Assessment of Software Vulnerability Contributing Factors by Model-Agnostic Explainable AI

Software vulnerability detection aims to proactively reduce the risk to software security and reliability. Despite advancements in deep-learning-based detection, a semantic gap still remains between learned features and human-understandable vulnerability semantics. In this paper, we present an XAI-based framework to assess program code in a graph context as feature representations and their effect on code vulnerability classification into multiple Common Weakness Enumeration (CWE) types. Our XAI framework is deep-learning-model-agnostic and programming-language-neutral. We rank the feature importance of 40 syntactic constructs for each of the top 20 distributed CWE types from three datasets in Java and C++. By means of four metrics of information retrieval, we measure the similarity of human-understandable CWE types using each CWE type’s feature contribution ranking learned from XAI methods. We observe that the subtle semantic difference between CWE types occurs after the variation in neighboring features’ contribution rankings. Our study shows that the XAI explanation results have approximately 78% Top-1 to 89% Top-5 similarity hit rates and a mean average precision of 0.70 compared with the baseline of CWE similarity identified by the open community experts. Our framework allows for code vulnerability patterns to be learned and contributing factors to be assessed at the same stage.

Deep Domain Adaptation With Max-Margin Principle for Cross-Project Imbalanced Software Vulnerability Detection

Software vulnerabilities (SVs) have become a common, serious, and crucial concern due to the ubiquity of computer software. Many AI-based approaches have been proposed to solve the software vulnerability detection (SVD) problem to ensure the security and integrity of software applications (in both the development and testing phases). However, there are still two open and significant issues for SVD in terms of i) learning automatic representations to improve the predictive performance of SVD, and ii) tackling the scarcity of labeled vulnerability datasets that conventionally need laborious labeling effort by experts. In this paper, we propose a novel approach to tackle these two crucial issues. We first exploit the automatic representation learning with deep domain adaptation for SVD. We then propose a novel cross-domain kernel classifier leveraging the max-margin principle to significantly improve the transfer learning process of SVs from imbalanced labeled into imbalanced unlabeled projects. Our approach is the first work that leverages solid body theories of the max-margin principle, kernel methods, and bridging the gap between source and target domains for imbalanced domain adaptation (DA) applied in cross-project SVD . The experimental results on real-world software datasets show the superiority of our proposed method over state-of-the-art baselines. In short, our method obtains a higher performance on F1-measure, one of the most important measures in SVD, from 1.83% to 6.25% compared to the second highest method in the used datasets.

Optimizing software vulnerability detection using RoBERTa and machine learning

Optimizing software vulnerability detection using RoBERTa and machine learning

There Are Infinite Ways to Formulate Code: How to Mitigate the Resulting Problems for Better Software Vulnerability Detection

Given a set of software programs, each being labeled either as vulnerable or benign, deep learning technology can be used to automatically build a software vulnerability detector. A challenge in this context is that there are countless equivalent ways to implement a particular functionality in a program. For instance, the naming of variables is often a matter of the personal style of programmers, and thus, the detection of vulnerability patterns in programs is made difficult. Current deep learning approaches to software vulnerability detection rely on the raw text of a program and exploit general natural language processing capabilities to address the problem of dealing with different naming schemes in instances of vulnerability patterns. Relying on natural language processing, and learning how to reveal variable reference structures from the raw text, is often too high a burden, however. Thus, approaches based on deep learning still exhibit problems generating a detector with decent generalization properties due to the naming or, more generally formulated, the vocabulary explosion problem. In this work, we propose techniques to mitigate this problem by making the referential structure of variable references explicit in input representations for deep learning approaches. Evaluation results show that deep learning models based on techniques presented in this article outperform raw text approaches for vulnerability detection. In addition, the new techniques also induce a very small main memory footprint. The efficiency gain of memory usage can be up to four orders of magnitude compared to existing methods as our experiments indicate.

CSVD-TF: Cross-project software vulnerability detection with TrAdaBoost by fusing expert metrics and semantic metrics

Recently, deep learning-based software vulnerability detection (SVD) approaches have achieved promising performance. However, the scarcity of high-quality labeled SVD data influences the practicality of these approaches. Therefore, cross-project software vulnerability detection (CSVD) has gradually attracted the attention of researchers since CSVD can utilize the labeled SVD data from the source project to construct an effective CSVD model for the target project via transfer learning. However, if a certain number of program modules in the target project can be labeled by security experts, it can help to improve CSVD model performance by effectively utilizing similar SVD data in the source project. For this more practical CSVD scenario, we propose a novel approach CSVD-TF via the transfer learning method TrAdaBoost. Moreover, we find expert metrics and semantic metrics extracted from the functions show a certain complementary in our investigated scenario. Therefore, we utilize a model-level metric fusion method to further improve the performance. We perform a comprehensive study to evaluate the effectiveness of CSVD-TF on four real-world projects. Our empirical results show that CSVD-TF can achieve performance improvements of 7.5% to 24.6% in terms of AUC when compared to five state-of-the-art baselines.