A performance evaluation of deep‐learnt features for software vulnerability detection
Author(s) - Ban Xinbo, Liu Shigang, Chen Chao, Chua Caslon
Publication year - 2018
Publication title - Concurrency and Computation: Practice and Experience
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.309
H-Index - 67
eISSN - 1532-0634
pISSN - 1532-0626
DOI - 10.1002/cpe.5103
Subject(s) - computer science, vulnerability (computing), software, artificial intelligence, vulnerability management, machine learning, malware, software security assurance, software quality, vulnerability assessment, data mining, computer security, software development, information security, operating system, psychology, psychological resilience, security service, psychotherapist
Summary - Software vulnerability is a critical issue in the realm of cyber security. In terms of techniques, machine learning (ML) has been successfully used in many real‐world problems such as software vulnerability detection, malware detection and function recognition, for high‐quality feature representation learning. In this paper, we propose a performance evaluation study on ML based solutions for software vulnerability detection, conducting three experiments: machine learning‐based techniques for software vulnerability detection based on the scenario of single type of vulnerability and multiple types of vulnerabilities per dataset; machine learning‐based techniques for cross‐project software vulnerability detection; and software vulnerability detection when facing the class imbalance problem with varying imbalance ratios. Experimental results show that it is possible to employ software vulnerability detection based on ML techniques. However, ML‐based techniques suffer poor performance on both cross‐project and class imbalance problem in software vulnerability detection.