Detecting Cryptography Misuses With Machine Learning: Graph Embeddings, Transfer Learning and Data Augmentation in Source Code Related Tasks


Abstract:

Cryptography is a ubiquitous tool in secure software development in order to guarantee security requirements in general. However, software developers have scarce knowledge about cryptography and rely on limited support tools that cannot properly detect bad uses of cryptography, thus generating vulnerabilities in software. In this work, we extend the scarce use of machine learning to detect cryptography misuse in source code by using a state-of-the-art deep learning model (i.e., code2vec) through transfer learning to generate features that feed machine learning models. In addition, we compare this approach to previous ones in different types of binary models. Also, we adapt code obfuscation to serve as data augmentation in machine learning source code related tasks. Finally, we show that through transfer learning code2vec can be a competitive feature generator for cryptography misuse detection and simple code obfuscation can be used to generate data to enhance machine learning model training in source code related tasks.
Published in: IEEE Transactions on Reliability (Volume: 72, Issue: 4, December 2023)
Page(s): 1678 - 1689
Date of Publication: 07 February 2023
