Convolutional neural network for software vulnerability detection

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Exploitable vulnerabilities in software are one of the root causes of cybercrime, leading to financial losses, reputational damage, and wider security breaches for both enterprise and consumers. Furthermore, checking for vulnerabilities in software is no longer a human-scale problem due to code volume and complexity. To help address this problem, our work presents a deep learning model able to identify risk signals in Java source code and output a classification for a program as either vulnerable or safe. Sequences of raw Java opcodes are used to train a convolutional neural network that automatically encapsulates discriminative characteristics of a program that are then used for the prediction. Compared to traditional machine learning methods, this approach requires no prior knowledge of the software vulnerability domain, nor any hand-crafted input features. When evaluated on the publicly available benchmark dataset Juliet Test Suite containing 38520 vulnerable and 38806 safe programs, our method achieves an F1 score of 0.92.

Original language: English
Title of host publication: Proceedings of the 1st Cyber Research Conference Ireland, Cyber-RCI 2022
Editors: Michael Lang, Séamus Dowling
Publisher: Institute of Electrical and Electronics Engineers Inc.
Number of pages: 4
ISBN (Electronic): 9781665474221
ISBN (Print): 9781665474238
Publication status: Published - 07 Feb 2023
Event: 1st Cyber Research Conference Ireland: Cyber-RCI - GMIT Campus, Galway, Ireland
Duration: 25 Apr 2022 → 25 Apr 2022
https://cyber-rci.com/2022/

Conference

Conference: 1st Cyber Research Conference Ireland
Country/Territory: Ireland
City: Galway
Period: 25/04/2022 → 25/04/2022