Skip to main content
SpringerLink
Log in

Vulnerability Detection Using Deep Learning

  • Conference paper
  • First Online:
Proceedings of the International Conference on Applied CyberSecurity (ACS) 2021 (ACS 2021)

Part of the book series: Lecture Notes in Networks and Systems ((LNNS,volume 378))

Included in the following conference series:

  • 337 Accesses

Abstract

Software vulnerabilities are one of the main entry points of cyberattacks. Several papers focused on the challenge of automatically identifying vulnerabilities and recent works started applying machine learning techniques. With the advent of newer deep learning technologies like transformers, there is more room for improvement in vulnerability detection tools. This survey explores the various techniques used to identify vulnerabilities in code, from recurrent neural networks to transformers, such as the Bidirectional Encoder Representations from Transformers (BERT).

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 149.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 199.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  1. checkmarx. https://checkmarx.com

  2. Malwaredb. http://malwaredb.malekal.com

  3. Nist: The common vulnerability scoring system. https://nvd.nist.gov/vuln-metrics/cvss

  4. Nvd: National vulnerability database. https://nvd.nist.gov

  5. Sard: Software assurance reference dataset. https://samate.nist.gov/SARD/index.php

  6. Virusshare. https://virusshare.com

  7. Aggarwal, A., Jalote, P.: Integrating static and dynamic analysis for detecting vulnerabilities. In: 30th Annual International Computer Software and Applications Conference (COMPSAC’06), vol. 1, pp. 343–350 (2006). https://doi.org/10.1109/COMPSAC.2006.55

  8. Devlin, J., Chang, M.W., Lee, K., Toutanova, K.: Bert: Pre-training of deep bidirectional transformers for language understanding (2019)

    Google Scholar 

  9. Guo, J., Wang, Z., Li, H., Xue, Y.: Detecting vulnerability in source code using CNN and LSTM network. Soft Comput. (2021). https://doi.org/10.1007/s00500-021-05994-w

  10. Hochreiter, S., Schmidhuber, J.: Long short-term memory. Neural Comput. 9(8), 1735–1780 (1997). https://doi.org/10.1162/neco.1997.9.8.1735

    Article  Google Scholar 

  11. Kim, Y.: Convolutional neural networks for sentence classification (2014)

    Google Scholar 

  12. Li, Z., Zou, D., Xu, S., Jin, H., Zhu, Y., Chen, Z.: SySeVR: a framework for using deep learning to detect software vulnerabilities. IEEE Trans. Dependable Secure Comput. 1 (2021). https://doi.org/10.1109/TDSC.2021.3051525

  13. Li, Z., et al.: VulDeePecker: a deep learning-based system for vulnerability detection. In: Proceedings 2018 Network and Distributed System Security Symposium (2018). https://doi.org/10.14722/ndss.2018.23158

  14. Liu, Y., et al.: Roberta: a robustly optimized BERT pretraining approach (2019)

    Google Scholar 

  15. Lu, R.: Malware detection with LSTM using opcode language (2019)

    Google Scholar 

  16. Mahmood, R., Mahmoud, Q.H.: Evaluation of static analysis tools for finding vulnerabilities in java and c/c++ source code (2018)

    Google Scholar 

  17. Mikolov, T., Chen, K., Corrado, G., Dean, J.: Efficient estimation of word representations in vector space (2013)

    Google Scholar 

  18. Perl, H., et al.: VCCFinder: finding potential vulnerabilities in open-source projects to assist code audits. In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, CCS ’15, pp. 426–437. Association for Computing Machinery, New York (2015). https://doi.org/10.1145/2810103.2813604

  19. Ronen, R., Radu, M., Feuerstein, C., Yom-Tov, E., Ahmadi, M.: Microsoft malware classification challenge (2018)

    Google Scholar 

  20. Rumelhart, D.E., Hinton, G.E., Williams, R.J.: Learning representations by back-propagating errors. Nature 323(6088), 533–536 (1986). https://doi.org/10.1038/323533a0

    Article  MATH  Google Scholar 

  21. Scovetta, M.: YASCA: yet another source code analyzer. https://github.com/scovetta/yasca

  22. Vaswani, A., et al.: Attention is all you need (2017)

    Google Scholar 

  23. Wheeler, D.A.: Flawfinder. https://dwheeler.com/flawfinder/

  24. Wichmann, B., Canning, A., Marsh, D., Clutterbuck, D., Winsborrow, L., Ward, N.: Industrial perspective on static analysis. Softw. Eng. J. 10(2), 69 (1995). https://doi.org/10.1049/sej.1995.0010

    Article  Google Scholar 

  25. Wu, F., Wang, J., Liu, J., Wang, W.: Vulnerability detection with deep learning. In: 2017 3rd IEEE International Conference on Computer and Communications (ICCC), pp. 1298–1302 (2017). https://doi.org/10.1109/CompComm.2017.8322752

  26. Ziems, N., Wu, S.: Security vulnerability detection using deep learning natural language processing (2021)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Heriot-Watt University, Edinburgh, UK

    Mahmoud Osama Elsheikh

Authors
  1. Mahmoud Osama Elsheikh
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Mahmoud Osama Elsheikh .

Editor information

Editors and Affiliations

  1. Heriot-Watt University, Dubai, United Arab Emirates

    Hani Ragab Hassen

  2. Heriot-Watt University, Dubai, United Arab Emirates

    Hadj Batatia

Rights and permissions

Reprints and permissions

Copyright information

© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Elsheikh, M.O. (2022). Vulnerability Detection Using Deep Learning. In: Ragab Hassen, H., Batatia, H. (eds) Proceedings of the International Conference on Applied CyberSecurity (ACS) 2021. ACS 2021. Lecture Notes in Networks and Systems, vol 378. Springer, Cham. https://doi.org/10.1007/978-3-030-95918-0_6

Download citation

Publish with us

Policies and ethics

Search

Navigation