DCW-RNN: Improving Class Level Metrics for Software Vulnerability Detection Using Artificial Immune System with Clock-Work Recurrent Neural Network

Şahin, Canan Batur

doi:10.1109/inista52262.2021.9548609

Cited by 7 publications

(4 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Reasoning about processes at multiple time scales is facilitated by Clock-Work RNN (CW-RNN) models, making calculations only at the prescribed clock rate. Neurons of various modules are connected on the basis of the modules' clock periods [23].…”

Section: Methodsmentioning

confidence: 99%

Learning Optimized Patterns of Software Vulnerabilities with the Clock-Work Memory Mechanism

Şahin

2022

EJOSAT

View full text Add to dashboard Cite

It is possible to better provide the security of the codebase and keep testing efforts at a minimum level by detecting vulnerable codes early in the course of software development. We assume that nature-inspired metaheuristic optimization algorithms can obtain “optimized patterns” from vulnerabilities created in an artificial manner. This study aims to use nature-inspired optimization algorithms combining heterogeneous data sources with the objective of learning optimized representations of vulnerable source codes. The chosen vulnerability-relevant data sources are cross-domain, involving historical vulnerability data from variable software projects and data from the Software Assurance Reference Database (SARD) comprising vulnerability examples. The main purpose of this paper is to outline the state-of-the-art and to analyze and discuss open challenges with regard to the most relevant areas in the field of bio-inspired optimization based on the representation of software vulnerability. Empirical research has demonstrated that the optimized representations produced by the suggested nature-inspired optimization algorithms are feasible and efficient and can be transferred for real-world vulnerability detection.

show abstract

Section: Methodsmentioning

confidence: 99%

Learning Optimized Patterns of Software Vulnerabilities with the Clock-Work Memory Mechanism

Şahin

2022

EJOSAT

View full text Add to dashboard Cite

show abstract

“…Reasoning about processes at multiple time scales is facilitated by Clock-Work RNN (CW-RNN) models, making calculations solely at the prescribed clock rate. Neurons of various modules are connected on the basis of the modules'clock periods [14].…”

Section: Methodsmentioning

confidence: 99%

Optimization of Software Vulnerabilities patterns with the Meta-Heuristic Algorithms

Şahin

2022

Türk Doğa Ve Fen Dergisi

View full text Add to dashboard Cite

Yazılım güvenlik açığının tahmini, güvenli yazılım geliştirmek için önemli bir husustur. Ancak, bir bilgi sistemine saldırı yapıldığında büyük kayıplara neden olabilir. Tehlikeli kodun tespiti büyük çaba gerektirir ve bu da bilinmeyen ciddi sonuçlara yol açabilir. Etkili güvenlik sağlamak ve güvenlik açıklarının oluşmasını önlemek veya güvenlik açıklarını azaltmak için meta-sezgisel tabanlı yaklaşımlar geliştirmeye güçlü bir ihtiyaç vardır. Yazılım güvenlik açığı tahmin modelleri üzerine yapılan araştırmalar, temel olarak, güvenlik açıklarının varlığı ile ilişkili en iyi tahmin ediciler kümesini belirlemeye odaklanmıştır. Buna rağmen, mevcut güvenlik açığı algılama yöntemleri, genel özelliklere veya yerel özelliklere yönelik önyargı ve kaba algılama ayrıntı düzeyine sahiptir. Bu yazıda, önerilen çerçeve, bir saat-çalışma belleği mekanizmasına dayalı yazılım güvenlik açıkları ile ilişkili en iyi optimize edilmiş güvenlik açığı kalıpları kümesi için optimizasyon algoritmalarını geliştirmektedir. Geliştirilen algoritmanın etkinliği, LibTIFF, Pidgin, FFmpeg, LibPNG, Asteriks ve VLC medya oynatıcı veri kümeleri gibi 6 açık kaynak projesine dayanan saatli çalışan bellek mekanizması ile daha da artırılmıştır.

show abstract

“…Limitation ②: Their GNN architecture still cannot effectively capture meaningful deep dependencies and semantics of source code. The existing DL-based methods rely on GNN or RNN-based [37] architectures to generate code representations, which can encounter problems when dealing with complex sequences. The RNN model processes the sequence token by token, where the model considers the context vector of the previous token for long-term dependencies when processing each token.…”

Section: Research Movitationmentioning

confidence: 99%

Guard2Vul: Vulnerability Detection viaGradient-based Adversarial TrainingEnhanced Graph Learning

Shen,

Ju,

et al. 2024

Preprint

View full text Add to dashboard Cite

Modern software security is challenged by vulnerabilities, which canlead to severe consequences, including loss of information, property, andprivacy disclosure. Recently, graph-based deep learning methods havebeen proven as a promising solution for vulnerability detection at func-tional granularity. However, previous studies still face challenges, suchas structural imbalances, complex connections in abstract syntax treesof functions, and insufficient training data. In this study, we proposeGuard2Vul, which combines a graph neural network with a residualnetwork to jointly capture deeper semantic and structural features,specifically, source code and node dependencies. Moreover, we utilizeGraphSMOTE and DGD, a dropout-enhanced gradient adversarial train-ing technique, to conduct data augmentation and automatically improvenormalized stability. To demonstrate the effectiveness of Guard2Vul, we evaluate its performance on four experimental subjects by different pro-gramming languages, such as C/C++ and Java. To show the competitive-ness of Guard2Vul, we consider five Deep Learning-based vulnerabilitydetection approaches (i.e., TokenCNN, Sysevr, VulDeePecker, Devign,and Reveal) as baselines. The results indicate that Guard2Vul out-performs these baselines, achieving at least 13.4%, 28.9%, 6.2%, and12.1% higher F1-measure on four experimental subjects. Finally, weperform ablation experiments to demonstrate the effectiveness of ourcustomized components, namely enhanced graph representation learningand the gradient-based adversarial training method, in Guard2Vul.

show abstract

DCW-RNN: Improving Class Level Metrics for Software Vulnerability Detection Using Artificial Immune System with Clock-Work Recurrent Neural Network

Cited by 7 publications

References 7 publications

Learning Optimized Patterns of Software Vulnerabilities with the Clock-Work Memory Mechanism

Learning Optimized Patterns of Software Vulnerabilities with the Clock-Work Memory Mechanism

Optimization of Software Vulnerabilities patterns with the Meta-Heuristic Algorithms

Guard2Vul: Vulnerability Detection viaGradient-based Adversarial TrainingEnhanced Graph Learning

Contact Info

Product

Resources

About