Computer Science

A new approach to software vulnerability detection based on CPG analysis

Article: 2221962 | Received 25 Oct 2022, Accepted 31 May 2023, Published online: 29 Jun 2023

References

  • Albawi, S., Abed Mohammed, T., & Al-Zawi, S. (2017). Understanding of a convolutional neural network. Proceedings of the International Conference on Engineering and Technology (ICET), Antalya, Turkey (pp. 1–6). https://ieeexplore.ieee.org/document/8308186
  • Almulihi, A., Alassery, F., Khan, A., Shukla, S., Gupta, B., & Kumar, R. (2022). Analyzing the Implications of Healthcare Data Breaches through Computational Technique. Intelligent Automation & Soft Computing, 32(3), 1763–16. https://doi.org/10.32604/iasc.2022.023460
  • Attaallah, A., Alsuhabi, H., Shukla, S., Kumar, R., Gupta, B., & Khan, R. (2022). Analyzing the Big Data Security Through a Unified Decision-Making Approach. Intelligent Automation & Soft Computing, 32(2), 1071–1088. https://doi.org/10.32604/iasc.2022.022569
  • Ben-Nun, T., Jakobovits, A. S., & Hoefler, T. (2018). Neural code comprehension: A learnable representation of code semantics. Proceedings of the Advances in Neural Information Processing Systems, Montréal, QC, Canada.
  • Cai, M., Jiang, Y., Gao, C., Li, H., & Yuan, W. (2021). Learning features from enhanced function call graphs for Android malware detection. Neurocomputing, 423, 301–307. https://doi.org/10.1016/j.neucom.2020.10.054
  • Cheng, X., Wang, H., Hua, J., Xu, G., & Sui, Y. (2021). DeepWukong: Statically Detecting Software Vulnerabilities Using Deep Graph Neural Network. ACM Transactions on Software Engineering and Methodology, 30(3), 1–33. https://doi.org/10.1145/3436877
  • Cheng, X., Wang, H., Hua, J., Zhang, M., Xu, G., Yi, L., & Sui, Y. (2019). Static Detection of Control-Flow-Related Vulnerabilities Using Graph Embedding, 41–50. https://doi.org/10.1109/ICECCS.2019.00012
  • Cheng, X., Zhang, G., Wang, H., & Sui, Y. (2022). Path-sensitive code embedding via contrastive learning for software vulnerability detection, ISSTA: International Symposium on Software Testing and Analysis, 519. https://doi.org/10.1145/3533767.3534371
  • Chen, D., Zhang, Y.-D., Wei, W., Wang, S.-X., Huang, R.-B., Li, X.-L., Qu, B.-B., & Jiang, S. (2017). Efficient vulnerability detection based on an optimized rule-checking static analysis technique. Frontiers of Information Technology & Electronic Engineering, 18(3), 332–345. https://doi.org/10.1631/FITEE.1500379
  • Dam, H. K., Pham, T., Ng, S. W., Tran, T., Grundy, J., Ghose, A., Kim, T., & Kim, C.-J. (2018). A deep tree-based model for software defect prediction. https://arxiv.org/abs/1802.00921.
  • Do Xuan, C., Ngoc Son, V., & Duc, D. (2022). Automatically detect software security vulnerabilities based on natural language processing techniques and machine learning algorithms. Journal of ICT Research and Applications, 16(1), 70–87. https://doi.org/10.5614/itbj.ict.res.appl.2022.16.1.5
  • Duan, K., Sathiya Keerthi, S., Chu, W., Shevade, S. K., & Poo, A. N. (2003). Multi-category classification by soft-max combination of binary classifiers. Proceedings of the 4th International Workshop, MCS, Guilford, UK (pp. 125–134).
  • Ferrante, J., Ottenstein, K. J., & Warren, J. D. (1989). The program dependence graph and its use in optimization. ACM Transactions on Programming Languages and Systems, 9(3), 319–349. https://doi.org/10.1145/24039.24041
  • Gascon, H., Yamaguchi, F., Arp, D., & Rieck, K. (2013). Structural detection of android malware using embedded call graphs. Proceedings of the ACM workshop on Artificial intelligence and security, Berlin, Germany (pp. 45–54).
  • Goy, P., & Ferrara, E. (2018). Graph embedding techniques, applications, and performance: A survey. Knowledge-Based Systems, 151, 78–94. https://doi.org/10.1016/j.knosys.2018.03.022
  • Grieco, G., Grinblat, G. L., Uzal, L. C., Rawat, S., Feist, J., & Mounier, L. (2016). Toward large-scale vulnerability discovery using machine learning. Proceedings of the 6th ACM on Conference on Data and Application Security and Privacy, New Orleans, Louisiana USA (pp. 85–96).
  • Harer, J. A., Kim, L. Y., Russell, R. L., Ozdemir, O., Kosta, L. R., Rangamani, A., Hamilton, L. H., Centeno, G. I., Key, J. R., Ellingwood, P. M., Antelman, E., Mackay, A., McConley, M. W., Opper, J. M., & Peter Chin, T. (2018). Automated software vulnerability detection with machine learning.
  • Haridas, P., Chennupati, G., Santhi, N., Romero, P., & Eidenbenz, S. (2020). Code characterization with graph convolutions and capsule networks. IEEE Access, 8, 136307–136315. https://doi.org/10.1109/ACCESS.2020.3011909
  • Hu, J., Chen, J., Zhang, L., Liu, Y., Bao, Q., & Arthur, H. A. (2020). A memory-related vulnerability detection approach based on vulnerability features. Tsinghua Science and Technology, 25(5), 604–613. https://doi.org/10.26599/TST.2019.9010068
  • Lee, M., Cho, S., Jang, C., Park, H., & Choi, E. (2006). A rule based security auditing tool for software vulnerability detection. Proceedings of the 2006 International Conference on Hybrid Information Technology, Cheju, Korea (South), 2, 505–512. https://doi.org/10.1109/ICHIT.2006.253653
  • Le, Q., & Mikolov, T. (2014). Distributed representations of sentences and documents. Proceedings of the 31st International Conference on Machine Learning, Beijing, China, 32, 1188–1196.
  • Li, L., Feng, H., Zhuang, W., Meng, N., & Ryder, B. (2017). Cclearner: A deep learning-based clone detection approach. Proceedings of the 2017 IEEE International Conference on Software Maintenance and Evolution (ICSME), Shanghai, China (pp. 249–260).
  • Li, M., Li, C., Li, S., Wu, Y., Zhang, B., & Wen, Y. (2021). ACGVD: Vulnerability detection based on comprehensive graph via graph neural network with attention. Proceedings of the ICICS 2021: Information and Communications Security, Chongqing, China (pp. 243–259).
  • Lin, G., Zhang, J., Luo, W., Pan, L., De Vel, O., Montague, P., & Xiang, Y. (2021). Software vulnerability discovery via learning multi-domain knowledge bases. IEEE Transactions on Dependable and Secure Computing, 18(5), 2469–2485. https://doi.org/10.1109/TDSC.2019.2954088
  • Li, Y., Wang, S., & Nguyen, T. N. (2021). Vulnerability detection with fine-grained interpretations. Proceedings of the 29th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering, Association for Computing Machinery, New York, NY, USA (pp. 292–303). https://doi.org/10.1145/3468264.3468597
  • Li, Z., Zou, D., Tang, J., Zhang, Z., Sun, M., & Jin, H. (2019). A comparative study of deep learning-based vulnerability detection system. IEEE Access, 7, 103184–103197. https://doi.org/10.1109/ACCESS.2019.2930578
  • Li, Z., Zou, D., Xu, S., Jin, H., Qi, H., & Hu, J. (2016). VulPecker: An automated vulnerability detection system based on code similarity analysis. Proceedings of the 32nd Annual Conference on Computer Security Applications, Los Angeles California USA (pp. 201–213).
  • Li, Z., Zou, D., Xu, S., Jin, H., Zhu, Y., & Chen, Z. (2018). SySeVR: A framework for using deep learning to detect software vulnerabilities. IEEE Transactions on Dependable and Secure Computing. https://doi.org/10.1109/TDSC.2021.3051525
  • Li, Z., Zou, D., Xu, S., Ou, X., Jin, H., Wang, S., Deng, Z., & Zhong, Y. (2018). VulDeePecker: A deep learning-based system for vulnerability detection. https://arxiv.org/abs/1801.01681
  • Makarov, I., Kiselev, D., Nikitinsky, N., & Subelj, L. (2021). Survey on graph embeddings and their applications to machine learning problems on graphs. Peer Journal Computer Science, 7(3), e357. https://doi.org/10.7717/peerj-cs.357
  • Russell, R., Kim, L., Hamilton, L., Lazovich, T., Harer, J. A., Ozdemir, O., Ellingwood, P. M., & McConley, M. W. (2018). Automated vulnerability detection in source code using deep representation learning.
  • Sahu, K., Al-Zahrani, F. A., Srivastava, R. K., & Kumar, R. (2020). Hesitant Fuzzy Sets Based Symmetrical Model of Decision-Making for Estimating the Durability of Web Application. Symmetry, 12(11), 1–20. https://doi.org/10.3390/sym12111770
  • Sahu, K., Al-Zahrani, F. A., Srivastava, R. K., & Kumar, R. (2021). Evaluating the Impact of Prediction Techniques: Software Reliability Perspective. Computers Materials and Continua, 67(2), 1471–1488. https://doi.org/10.32604/cmc.2021.014868
  • Sahu, K., & Srivastava, R. K. (2018). Soft computing approach for prediction of software reliability. ICIC Express Letters, 12, 1213–1222. https://doi.org/10.24507/icicel.12.12.1213
  • Sahu, K., & Srivastava, R. K. (2020). Needs and importance of reliability prediction: An industrial perspective. Information Sciences Letters, 9, 33–37. https://doi.org/10.18576/isl/090105
  • Shen, Z., & Chen, S. (2020). A survey of automatic software vulnerability detection, program repair, and defect prediction techniques. Security and Communication Networks, 2020, 1–16. https://doi.org/10.1155/2020/8858010
  • Sui, Y., Cheng, X., Zhang, G., & Wang, H. (2020). Flow2vec: Value-flow-based precise code embedding. Proceedings of the ACM on Programming Languages, 4(OOPSLA), 1–27. https://doi.org/10.1145/3428301
  • Tang, G., Yang, L., Ren, S., Meng, L., Yang, F., & Wang, H. (2021). An automatic source code vulnerability detection approach based on KELM. Security and Communication Networks, 2021, 1–12. https://doi.org/10.1155/2021/5566423
  • Tian, H., Xu, J., Lian, K., & Zhang, Y. (2009). Research on strong-association rule based web application vulnerability detection. Proceedings of the International Conference on Computer Science and Information Technology (CSIT), Beijing, China (pp. 2).
  • Tomas, M., Chen, K., Corrado, G., & Dean, J. (2013). Efficient estimation of word representations in vector space. https://arxiv.org/abs/1301.3781
  • Wang, H., Ye, G., Tang, Z., & Hwei Tan, S. (2020). Combining graph-based learning with automated data collection for code vulnerability detection. Proceedings of the IEEE Transactions on Information Forensics and Security, 16, 1943–1958. https://doi.org/10.1109/TIFS.2020.3044773
  • Wei, H., & Li, M. (2017). Supervised deep features for software functional clone detection by exploiting lexical and syntactical information in source code. Proceedings of the Twenty-Sixth International Joint Conference on Artificial Intelligence, Melbourne Australia (pp. 3034–3040).
  • Wu, P., Yin, L., Du, X., Jia, L., & Dong, W. (2020). Graph-based vulnerability detection via extracting features from sliced code. Proceedings of the IEEE 20th International Conference on Software Quality, Reliability and Security Companion (QRS-C), Macau, China.
  • Xu, K., Hu, K., Leskovec, J., & Jegelka, S. (2019). How powerful are graph neural networks? Proceedings of the International Conference on Learning Representations (ICLR 2019), New Orleans, LA, USA (pp. 1–17).
  • Yamaguchi, F., Golde, N., Arp, D., & Rieck, K. (2014). Modeling and discovering vulnerabilities with code property graphs. Proceedings of the IEEE Symposium on Security and Privacy, Berkeley, CA, USA.
  • Yamaguchi, F., Lottmann, M., & Rieck, K. (2012). Generalized vulnerability extrapolation using abstract syntax trees. Proceedings of the Annual Computer Security Applications Conference, Orlando Florida, USA, 2, 358–368. https://doi.org/10.1145/2420950.2421003
  • Zheng, W., Gao, J., Wu, X., Liu, F., Xun, Y., Liu, G., & Chen, X. (2020). The impact factors on the performance of machine learning-based vulnerability detection: A comparative study. Journal of Systems & Software, 168, 110659. https://doi.org/10.1016/j.jss.2020.110659
  • Zhou, J., Cui, G., Hu, S., Zhang, Z., Yang, C., Liu, Z., Wang, L., Li, C., & Sun, M. (2020). Graph neural networks: A review of methods and applications. AI Open, 1, 57–81. https://doi.org/10.1016/j.aiopen.2021.01.001