2021
DOI: 10.1109/tse.2018.2881961
|View full text |Cite
|
Sign up to set email alerts
|

Automatic Feature Learning for Predicting Vulnerable Software Components

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
2
1
1
1

Citation Types

2
70
0

Year Published

2021
2021
2023
2023

Publication Types

Select...
7
2

Relationship

0
9

Authors

Journals

citations
Cited by 128 publications
(72 citation statements)
references
References 43 publications
2
70
0
Order By: Relevance
“…Recent studies have shown that deep learning and embedding techniques can improve the predictive accuracy of file-level defect models [6,15,62,92]. However, the important features of the embedded source code identified by a model-agnostic technique cannot be directly mapped to the risky tokens.…”
Section: Limitationmentioning
confidence: 99%
“…Recent studies have shown that deep learning and embedding techniques can improve the predictive accuracy of file-level defect models [6,15,62,92]. However, the important features of the embedded source code identified by a model-agnostic technique cannot be directly mapped to the risky tokens.…”
Section: Limitationmentioning
confidence: 99%
“…While bug reports were taken as input in that study, in many other studies, source code is taken as input. Text mining is a highly preferred technique for obtaining features directly from source codes as in the studies [65][66][67][68][69]. Several studies [63,70] have compared text mining-based models and software metrics-based models.…”
Section: Data Mining In Vulnerability Analysismentioning
confidence: 99%
“…In vulnerability studies, issue tracking systems like Bugzilla, code repositories like Github, and vulnerability databases such as NVD, CVE, and CWE have been utilized [79]. In addition to these datasets, some studies have used Android [65,68,69] or web [63,70,72] (PHP source code) datasets. In recent years, researchers have concentrated on deep learning for building binary classifiers [77], obtaining vulnerability patterns [78], and learning long-term dependencies in sequential data [68] and features directly from the source code [81].…”
Section: Data Mining In Vulnerability Analysismentioning
confidence: 99%
“…Several of the reviewed papers use this form of feature extraction due to the semantic benefits. Some of the reviewed works use a single form of graphical representation for their feature extraction [14–19, 71, 73, 75, 80, 87 ] (b) Code block‐based feature representation: For code block‐based feature representation, studies under this category utilise DNNs for extracting feature representations from sequential code entities such as function calls, code snippets, code gadgets, and so on. Some of the reviewed papers rely on the use of code block‐based representations of source code [67, 70, 72, 74, 76, 77, 82, 83, 85 ] (c) Text‐based feature representation: For this category of feature, representations are learned directly from the source code text surface.…”
Section: Taxonomy Of Deep Learning Techniques For Source Code Vulnementioning
confidence: 99%