The application of neural network for software vulnerability detection: a review

“…This method has high code coverage but is usually more prone to false positives [4,9,10]. Dynamic analysis is performed by running a set of test cases in the target system and analyzing its behaviour according to the actual requirements [3,4,9,16]. This method has higher miss rate and achieves less coverage, but it is generally more accurate and raises fewer false alarms [9].…”

“…SVD is the process of identifying weaknesses or flaws within software systems. It can be performed via two different analysis methods: (i) static and (ii) dynamic [9]. Static analysis consists of analyzing the source code to detect vulnerabilities.…”

“…Static analysis consists of analyzing the source code to detect vulnerabilities. This method has high code coverage but is usually more prone to false positives [4,9,10]. Dynamic analysis is performed by running a set of test cases in the target system and analyzing its behaviour according to the actual requirements [3,4,9,16].…”

“…Dynamic analysis is performed by running a set of test cases in the target system and analyzing its behaviour according to the actual requirements [3,4,9,16]. This method has higher miss rate and achieves less coverage, but it is generally more accurate and raises fewer false alarms [9]. In comparison to one another, dynamic analysis requires a substantial amount of computational power to generate and run multiple test cases in the System Under Test (SUT), whereas static analysis does not.…”

“…Since manual analysis of source code can be expensive and time-consuming, recent research has attempted to automate SVD using Deep Learning (DL). Literature works have been experimenting with various models and feature representations including implicit structural, syntax, and semantic features extracted from the source code [9,10]. Despite their efficacy in SVD, DL models face several limitations due to the complex nature of source code and lack of reliable data [4,11].…”

Large Language Models for Source Code Vulnerability Detection: A DiverseVul Analysis

“…This method has high code coverage but is usually more prone to false positives [4,9,10]. Dynamic analysis is performed by running a set of test cases in the target system and analyzing its behaviour according to the actual requirements [3,4,9,16]. This method has higher miss rate and achieves less coverage, but it is generally more accurate and raises fewer false alarms [9].…”

“…SVD is the process of identifying weaknesses or flaws within software systems. It can be performed via two different analysis methods: (i) static and (ii) dynamic [9]. Static analysis consists of analyzing the source code to detect vulnerabilities.…”

“…Static analysis consists of analyzing the source code to detect vulnerabilities. This method has high code coverage but is usually more prone to false positives [4,9,10]. Dynamic analysis is performed by running a set of test cases in the target system and analyzing its behaviour according to the actual requirements [3,4,9,16].…”

“…Dynamic analysis is performed by running a set of test cases in the target system and analyzing its behaviour according to the actual requirements [3,4,9,16]. This method has higher miss rate and achieves less coverage, but it is generally more accurate and raises fewer false alarms [9]. In comparison to one another, dynamic analysis requires a substantial amount of computational power to generate and run multiple test cases in the System Under Test (SUT), whereas static analysis does not.…”

“…Since manual analysis of source code can be expensive and time-consuming, recent research has attempted to automate SVD using Deep Learning (DL). Literature works have been experimenting with various models and feature representations including implicit structural, syntax, and semantic features extracted from the source code [9,10]. Despite their efficacy in SVD, DL models face several limitations due to the complex nature of source code and lack of reliable data [4,11].…”

Large Language Models for Source Code Vulnerability Detection: A DiverseVul Analysis

Defect-scanner: a comparative empirical study on language model and deep learning approach for software vulnerability detection

IT2F-SEDNN: an interval type-2 fuzzy logic-based stacked ensemble deep learning approach for early phase software dependability analysis