Inicio  /  Information  /  Vol: 15 Par: 4 (2024)  /  Artículo
ARTÍCULO
TITULO

There Are Infinite Ways to Formulate Code: How to Mitigate the Resulting Problems for Better Software Vulnerability Detection

Jinghua Groppe    
Sven Groppe    
Daniel Senf and Ralf Möller    

Resumen

Given a set of software programs, each being labeled either as vulnerable or benign, deep learning technology can be used to automatically build a software vulnerability detector. A challenge in this context is that there are countless equivalent ways to implement a particular functionality in a program. For instance, the naming of variables is often a matter of the personal style of programmers, and thus, the detection of vulnerability patterns in programs is made difficult. Current deep learning approaches to software vulnerability detection rely on the raw text of a program and exploit general natural language processing capabilities to address the problem of dealing with different naming schemes in instances of vulnerability patterns. Relying on natural language processing, and learning how to reveal variable reference structures from the raw text, is often too high a burden, however. Thus, approaches based on deep learning still exhibit problems generating a detector with decent generalization properties due to the naming or, more generally formulated, the vocabulary explosion problem. In this work, we propose techniques to mitigate this problem by making the referential structure of variable references explicit in input representations for deep learning approaches. Evaluation results show that deep learning models based on techniques presented in this article outperform raw text approaches for vulnerability detection. In addition, the new techniques also induce a very small main memory footprint. The efficiency gain of memory usage can be up to four orders of magnitude compared to existing methods as our experiments indicate.

 Artículos similares

       
 
Lori Bradford, Kwok P. Chun, Rupal Bonli and Graham Strickert    
Currently, there are no tools that measure improvements in levels of empathy among diverse water stakeholders participating in transboundary decision-making. In this study, we used an existing empathy scale from clinical psychology during an Experimental... ver más
Revista: Water

 
Ifeanyi Francis Osegbue, Austin Nweze, Meshack Ifurueze, Chizoba Mary Nwoye     Pág. 45 - 69
This study examines how tax sheltering and its interactions with cash effective tax rate, long-term effective tax rate, tax savings, book tax gap, temporary difference of tax shelter and permanent difference of tax shelter impacted the modified Jones ear... ver más

 
Olga Popova, Jörg Jablinski, T. Lukashenko     Pág. 17 - 24
This article demonstrates the assumptions of economic theory and its followers, the theories which stimulate research on the positive correlation between the success of the economy, its growth and the level of international trade. The empirical analysis ... ver más

 
Vaddula V. Krishna Reddy     Pág. 98 - 104
Buyback is a procedure that enables a company to repurchase its shares from its existing shareholders, usually at a price near to or higher than the prevailing market price. The present study is based on secondary data and the event window period of 21 d... ver más

 
P. K. Paul, P. S. Aithal, R. Saavedra, K.S. Tiwary, B. Aremu, S. Mewada     Pág. 99 - 105
AbstractInformation is the power and Technology is the driving force for the development of all the facets. Information Science and Technology as a field of study and professional practice is therefore responsible for providing information and technology... ver más