Abstract:
Code flaws or vulnerabilities are prevalent in software systems and can potentially cause a variety of problems including deadlock, hacking, information loss and system failure. A variety of approaches have been developed to try to detect the most likely locations of such code vulnerabilities in large code bases. Most of them rely on manually designed code features (e.g., complexity metrics or frequencies of code tokens) that represent the characteristics of the potentially problematic code to be located. However, all of them struggle to sufficiently capture both the semantic and the syntactic representation of source code, an important capability for building accurate prediction models. In this paper, we describe a new approach, built upon the deep learning Long Short-Term Memory (LSTM) model, to automatically learn both semantic and syntactic features of code. Our evaluation on 18 Android applications and the Firefox application demonstrates that the prediction power obtained from our learned features is better than that achieved by state-of-the-art vulnerability prediction models, for both within-project prediction and cross-project prediction.
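The abstract contrasts hand-crafted features such as token frequencies with features learned from the code itself. The following added example, which is not code from the paper or its authors, makes that contrast concrete: two constructed C-like snippets with exactly the same multiset of tokens, one checking a pointer before using it and one after, are indistinguishable to a frequency (bag-of-tokens) feature but distinct as the ordered token-id sequence a sequence model such as an LSTM consumes. The lexer, the vocabulary layout (0 for padding, 1 for out-of-vocabulary) and the two snippets are assumptions of this illustration, not the paper's pipeline.

```python
"""Added example (not from the paper): bag-of-tokens features discard the
ordering that a sequence model can exploit. Everything here, including the
lexer and the two snippets, is constructed for the illustration."""
import re
from collections import Counter

# Illustrative lexer for a C/Java-like surface syntax (an assumption of this
# example). Alternatives are ordered so comments and multi-character operators
# win over single characters.
_TOKEN_RE = re.compile(r"""
    (?P<ws>\s+)
  | (?P<comment>//[^\n]*|/\*.*?\*/)
  | (?P<string>"(?:\\.|[^"\\])*")
  | (?P<number>\d+)
  | (?P<ident>[A-Za-z_]\w*)
  | (?P<op>->|==|!=|<=|>=|&&|\|\||\+\+|--|[{}()\[\];,=<>+\-*/!&|.])
""", re.VERBOSE | re.DOTALL)


def tokenize(src):
    """Return the token sequence of `src`, dropping whitespace and comments and
    abstracting string/number literals so the vocabulary stays small."""
    tokens, pos = [], 0
    while pos < len(src):
        m = _TOKEN_RE.match(src, pos)
        if m is None:
            raise ValueError("unexpected character %r at offset %d" % (src[pos], pos))
        pos = m.end()
        kind = m.lastgroup
        if kind in ("ws", "comment"):
            continue
        tokens.append({"string": "<STR>", "number": "<NUM>"}.get(kind, m.group()))
    return tokens


def token_frequencies(src):
    """Hand-crafted bag-of-tokens feature: counts only, order discarded."""
    return Counter(tokenize(src))


def build_vocab(sources):
    """Map every token seen in `sources` to an integer id; 0 and 1 are reserved
    for padding and out-of-vocabulary tokens (a common sequence-input layout)."""
    vocab = {"<PAD>": 0, "<UNK>": 1}
    for tok in sorted(set(t for s in sources for t in tokenize(s))):
        vocab[tok] = len(vocab)
    return vocab


def token_sequence(src, vocab, max_len):
    """Order-preserving representation: token ids, truncated or right-padded to
    `max_len`, i.e. the fixed-width input a sequence model reads left to right."""
    ids = [vocab.get(t, vocab["<UNK>"]) for t in tokenize(src)][:max_len]
    return ids + [vocab["<PAD>"]] * (max_len - len(ids))


# Constructed snippets: identical token multisets, different order. Only the
# first guards the pointer before it is used.
CHECK_THEN_USE = """
char *buf = lookup(key);
if (buf != NULL) {
    copy(dst, buf);   /* guarded by the null check above */
}
"""
USE_THEN_CHECK = """
char *buf = lookup(key);
copy(dst, buf);       /* used before the check */
if (buf != NULL) {
}
"""


def compare_representations(a, b, max_len=32):
    """Return (bag_equal, sequence_equal) for two source snippets."""
    vocab = build_vocab([a, b])
    return (token_frequencies(a) == token_frequencies(b),
            token_sequence(a, vocab, max_len) == token_sequence(b, vocab, max_len))


if __name__ == "__main__":
    bag_eq, seq_eq = compare_representations(CHECK_THEN_USE, USE_THEN_CHECK)
    print("bag-of-tokens identical:", bag_eq)    # True: frequencies cannot separate them
    print("token sequence identical:", seq_eq)  # False: the ordering survives
```

`compare_representations` returns `(True, False)` for the two snippets: a classifier fed only token counts sees the same feature vector for the guarded and unguarded versions, while a model reading the padded id sequence sees them diverge at the tenth token. The same tokenizer also shows why literal abstraction matters: without mapping strings and numbers to `<STR>`/`<NUM>`, every distinct constant would become its own rarely seen vocabulary entry.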
Published in: IEEE Transactions on Software Engineering (Volume: 47, Issue: 1, 01 January 2021)
Faculty of Engineering and Information Sciences, School of Computing and Information Technology, University of Wollongong, Wollongong, NSW, Australia
Hoa Khanh Dam received the bachelor of computer science degree from the University of Melbourne in Australia, and the master's and PhD degrees in computer sciences from RMIT University. He is a senior lecturer with the School of Computing and Information Technology, University of Wollongong (UOW), in Australia. He is associate director for the Decision System Lab at UOW, heading its Software Engineering Analytics research program. His research interests lie primarily in the intersection of software engineering, business process management and service-oriented computing, focusing on such areas as software engineering analytics, process analytics and service analytics. His research has won multiple Best Paper Awards (at WICSA, APCCM, and ASWEC) and ACM SIGSOFT Distinguished Paper Award (at MSR).

School of Information Technology, Deakin University, Waurn Ponds, Victoria, Australia
Truyen Tran received the bachelor of science degree from the University of Melbourne, in 2001, and the PhD degree in computer science from Curtin University, in 2008. He is associate professor at Deakin University where he leads a research team on deep learning and its applications to accelerating sciences, biomedicine and software analytics. He publishes regularly at top AI/ML/KDD venues such as CVPR, NIPS, UAI, AAAI, KDD and ICML. He has received multiple recognitions, awards and prizes including Best Paper Runner-Up at UAI (2009), Geelong Tech Award (2013), CRESP Best Paper of the Year (2014), Third Prize in the Kaggle Galaxy-Zoo Challenge (2014), the title of Kaggle Master (2014), Best Student Paper Runner-Up at PAKDD (2015) and ADMA (2016), and Distinguished Paper at ACM SIGSOFT (2015).

School of Information Technology, Deakin University, Waurn Ponds, Victoria, Australia
Trang Pham received the bachelor's degree in computer science from Vietnam National University in 2014. She is working toward the PhD degree at Deakin University. Currently, her research focuses on Recurrent Neural Networks for Structured Data.

Faculty of Engineering and Information Sciences, School of Computing and Information Technology, University of Wollongong, Wollongong, NSW, Australia
Ng Shien Wee received the bachelor's and honours degrees in computer science from the University of Wollongong (UOW), in 2015 and 2016, respectively. He is currently working toward the PhD degree in the School of Computing and Information Technology and is a member of the Decision Support Lab (DSL), University of Wollongong.

Faculty of Information Technology, Monash University, Clayton, Victoria, Australia
John Grundy is senior deputy dean of the Faculty of Information Technology at Monash University. His research interests include automated software engineering, software tools, human-centric software engineering, visual languages, software architecture, software security engineering and user interfaces. He is a fellow of Automated Software Engineering and a fellow of Engineers Australia. Contact him at john.grundy@monash.edu

Faculty of Engineering and Information Sciences, School of Computing and Information Technology, University of Wollongong, Wollongong, NSW, Australia
Aditya Ghose received the bachelor of engineering degree in computer science and engineering from Jadavpur University, Kolkata, India, and the MSc and PhD degrees in computing science from the University of Alberta, Canada (he also spent parts of his PhD candidature at the Beckman Institute, University of Illinois at Urbana Champaign and the University of Tokyo). He is a professor of computer science at the University of Wollongong. He leads a team conducting research into knowledge representation, agent systems, services, business process management, software engineering and optimization and draws inspiration from the cross-fertilization of ideas from this spread of research areas. He works closely with some of the leading global IT firms. Ghose is president of the Service Science Society of Australia and served as vice-president of CORE (2010-2014), Australia's apex body for computing academics.