Abstract
Exploitable vulnerabilities in software are one of the root causes of cybercrime, leading to financial losses, reputational damage, and wider security breaches for both enterprises and consumers. Furthermore, checking software for vulnerabilities is no longer a human-scale problem because of the volume and complexity of modern code. To help address this problem, our work presents a deep learning model that identifies risk signals in Java source code and classifies a program as either vulnerable or safe. Sequences of raw Java opcodes are used to train a convolutional neural network that automatically learns the discriminative characteristics of a program, which are then used for the prediction. Compared to traditional machine learning methods, this approach requires no prior knowledge of the software vulnerability domain and no hand-crafted input features. When evaluated on the publicly available benchmark dataset Juliet Test Suite, containing 38520 vulnerable and 38806 safe programs, our method achieves an F1 score of 0.92.
| Original language | English |
|---|---|
| Title of host publication | Proceedings of the 1st Cyber Research Conference Ireland, Cyber-RCI 2022 |
| Editors | Michael Lang, Séamus Dowling |
| Publisher | Institute of Electrical and Electronics Engineers Inc. |
| Number of pages | 4 |
| ISBN (Electronic) | 9781665474221 |
| ISBN (Print) | 9781665474238 |
| DOIs | |
| Publication status | Published - 07 Feb 2023 |
| Event | 1st Cyber Research Conference Ireland: Cyber-RCI - GMIT Campus, Galway, Ireland; Duration: 25 Apr 2022 → 25 Apr 2022; https://cyber-rci.com/2022/ |
Conference
| Conference | 1st Cyber Research Conference Ireland |
|---|---|
| Country/Territory | Ireland |
| City | Galway |
| Period | 25/04/2022 → 25/04/2022 |
| Internet address | |