The Coming Era of AlphaHacking?: A Survey of Automatic Software Vulnerability Detection, Exploitation and Patching Techniques

Ji, Tiantian; Wu, Yue; Wang, Chang; Zhang, Xi; Wang, Zhongru

doi:10.1109/dsc.2018.00017

Cited by 28 publications

(13 citation statements)

References 47 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Zheng et al (2021) evaluated vulnerability detection on source codes while Nguyen et al (2019) used machine learning to design SCDAN (Semi-supervised Code Domain Adaptation Network) that will predict the vulnerability detection performance. Ji et al (2018) investigated the capability of machine learning but Russell et al (2018) used machine learning and the features of C and C++ to develop vulnerability detection system. Li and Shao (2019) made use of the features of machine learning to analyze the problems and challenges of software vulnerability detection.…”

Section: Analysis and Resultsmentioning

confidence: 99%

A systematic literature review of software vulnerability detection

2022

EJCSIT

View full text Add to dashboard Cite

This study provided a systematic literature review of software vulnerability detection (SVD) by searching ACM and IEEE databases for related literatures. Using the Preferred Reporting Items for Systematic Reviews and Meta-Analyses (PRISMA) flowchart, a total of 55 studies published in the selected journals and conference proceeding of IEEE and ACM from 2015 to 2021 were reviewed. The objective is to identify, select and critically evaluate research works carried out on software vulnerability detection. The selected articles were grouped into 7 categories across various vulnerability detection evaluation criteria such as neural network – 5 papers, machine learning – 11 papers, static and dynamic analysis – 8 papers, code clone – 3 papers, classification – 4 papers, models – 3 papers, and frameworks – 6 papers. There are 15 articles that could not fall into any of these 7 categories, thus, they were place in others row that used different criteria to implement vulnerability detection. The result showed that many researchers used machine learning strategy to detect vulnerability in software since large volume of data can be reviewed easily with machine learning. Although many systems have been developed for detecting software vulnerability, none is able to show the type of vulnerability detected.

show abstract

Section: Analysis and Resultsmentioning

confidence: 99%

A systematic literature review of software vulnerability detection

2022

EJCSIT

View full text Add to dashboard Cite

show abstract

“…Wang et al [77] reviewed machine learning-based fuzzing techniques for vulnerability discovery. Ji et al [24] briefly reviewed the studies of adopting automated systems for detecting, patching, and exploiting software vulnerabilities.…”

Section: Related Reviewsmentioning

confidence: 99%

Software Vulnerability Analysis and Discovery Using Deep Learning Techniques: A Survey

et al. 2020

View full text Add to dashboard Cite

Exploitable vulnerabilities in software have attracted tremendous attention in recent years because of their potentially high severity impact on computer security and information safety. Many vulnerability detection methods have been proposed to aid code inspection. Among these methods, there is a line of studies that apply machine learning techniques and achieve promising results. This paper reviews 22 recent studies that adopt deep learning to detect vulnerabilities, aiming to show how they utilize state-ofthe-art neural techniques to capture possible vulnerable code patterns. Among reviewed studies, we identify four game changers that significantly impact the domain of deep learning-based vulnerability detection and provide detailed reviews of the insights, ideas, and concepts that the game changers have brought to this field of interest. Based on the four identified game changers, we review the remaining studies, presenting their approaches and solutions which either build on or extend the game changers, and sharing our views on the future research trends. We also highlight the challenges faced in this field and discuss potential research directions. We hope to motivate the readers to conduct further research in this developing but fast-growing field.INDEX TERMS deep learning, vulnerability detection.

show abstract

“…As software becomes more and more complicated, software vulnerabilities caused by design flaws and implementation errors become an inevitable problem in engineering [1]. According to statistics released by the Common Vulnerabilities and Exposures (CVE) [2] and National Vulnerability Database (NVD) [3], the number of software vulnerabilities has increased from 1600 to nearly 100000 since 1999 [4]. Software systems containing these vulnerabilities will face serious security risks.…”

Section: Introductionmentioning

confidence: 99%

An Automatic Source Code Vulnerability Detection Approach Based on KELM

Tang

Yang²,

Ren³

et al. 2021

Security and Communication Networks

View full text Add to dashboard Cite

Traditional vulnerability detection mostly ran on rules or source code similarity with manually defined vulnerability features. In fact, these vulnerability rules or features are difficult to be defined accurately, which usually cost much expert labor and perform weakly in practical applications. To mitigate this issue, researchers introduced neural networks to automatically extract features to improve the intelligence of vulnerability detection. Bidirectional Long Short-term Memory (Bi-LSTM) network has proved a success for software vulnerability detection. However, due to complex context information processing and iterative training mechanism, training cost is heavy for Bi-LSTM. To effectively improve the training efficiency, we proposed to use Extreme Learning Machine (ELM). The training process of ELM is noniterative, so the network training can converge quickly. As ELM usually shows weak precision performance because of its simple network structure, we introduce the kernel method. In the preprocessing of this framework, we introduce doc2vec for vector representation and multilevel symbolization for program symbolization. Experimental results show that doc2vec vector representation brings faster training and better generalizing performance than word2vec. ELM converges much quickly than Bi-LSTM, and the kernel method can effectively improve the precision of ELM while ensuring training efficiency.

show abstract

The Coming Era of AlphaHacking?: A Survey of Automatic Software Vulnerability Detection, Exploitation and Patching Techniques

Cited by 28 publications

References 47 publications

A systematic literature review of software vulnerability detection

A systematic literature review of software vulnerability detection

Software Vulnerability Analysis and Discovery Using Deep Learning Techniques: A Survey

An Automatic Source Code Vulnerability Detection Approach Based on KELM

Contact Info

Product

Resources

About