Vulnerability prediction from source code using machine learning

Bilgin, Zeki, Ersoy, Mehmet Akif, Soykan, Elif Ustundag, Tomur, Emrah, Comak, Pinar and Karacay, Leyli (2020) Vulnerability prediction from source code using machine learning. IEEE Access, 8. pp. 150672-150684. ISSN 2169-3536

Full text not available from this repository.

Abstract

As the role of information and communication technologies gradually increases in our lives, software security becomes a major issue to provide protection against malicious attempts and to avoid ending up with noncompensable damages to the system. With the advent of data-driven techniques, there is now a growing interest in how to leverage machine learning (ML) as a software assurance method to build trustworthy software systems. In this study, we examine how to predict software vulnerabilities from source code by employing ML prior to their release. To this end, we develop a source code representation method that enables us to perform intelligent analysis on the Abstract Syntax Tree (AST) form of source code and then investigate whether ML can distinguish vulnerable and nonvulnerable code fragments. To make a comprehensive performance evaluation, we use a public dataset that contains a large amount of function-level real source code parts mined from open-source projects and carefully labeled according to the type of vulnerability if they have any. We show the effectiveness of our proposed method for vulnerability prediction from source code by carrying out exhaustive and realistic experiments under different regimes in comparison with state-of-art methods.

Item Type: Article
Additional Information: Funding Information: This work was supported by the Scientific and Technological Research Council of Turkey through the 1515 Frontier Research and Development Laboratories Support Program under Project 5169902.
Uncontrolled Keywords: ast, machine learning, source code, vulnerability prediction, computer science (all), materials science (all), engineering (all)
Faculty \ School: Faculty of Science > School of Computing Sciences
Depositing User: LivePure Connector
Date Deposited: 18 Aug 2022 12:30
Last Modified: 25 Sep 2024 16:39
URI: https://ueaeprints.uea.ac.uk/id/eprint/87442
DOI: 10.1109/ACCESS.2020.3016774