Abstract
Software vulnerabilities are one of the main entry points for cyberattacks. Several papers have focused on the challenge of automatically identifying vulnerabilities, and recent works have started applying machine learning techniques to it. With the advent of newer deep learning technologies such as transformers, there is more room for improvement in vulnerability detection tools. This survey explores the various techniques used to identify vulnerabilities in code, from recurrent neural networks to transformers such as the Bidirectional Encoder Representations from Transformers (BERT).
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Elsheikh, M.O. (2022). Vulnerability Detection Using Deep Learning. In: Ragab Hassen, H., Batatia, H. (eds) Proceedings of the International Conference on Applied CyberSecurity (ACS) 2021. ACS 2021. Lecture Notes in Networks and Systems, vol 378. Springer, Cham. https://doi.org/10.1007/978-3-030-95918-0_6
DOI: https://doi.org/10.1007/978-3-030-95918-0_6
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-95917-3
Online ISBN: 978-3-030-95918-0
eBook Packages: Intelligent Technologies and Robotics (R0)