License: Creative Commons Attribution 4.0 International license (CC BY 4.0)
When quoting this document, please refer to the following
DOI: 10.4230/OASIcs.SLATE.2021.14
URN: urn:nbn:de:0030-drops-144315
URL: https://drops.dagstuhl.de/opus/volltexte/2021/14431/


Baptista, Tiago ; Oliveira, Nuno ; Henriques, Pedro Rangel

Using Machine Learning for Vulnerability Detection and Classification

pdf-format:
OASIcs-SLATE-2021-14.pdf (1 MB)


Abstract

The work described in this paper aims at developing a machine learning based tool for the automatic identification of vulnerabilities in programs (source, high-level code) that uses an abstract syntax tree representation. It is based on FastScan, which uses the code2seq approach. FastScan is a recently developed system capable of detecting vulnerabilities in source code using machine learning techniques. Nevertheless, FastScan is not able to identify the vulnerability type. The main goal of the presented work is to go further and develop a method to identify specific types of vulnerabilities. As will be shown, this goal is achieved by optimizing the model’s hyperparameters, changing the method of preprocessing the input data, and developing an architecture that brings together multiple models, each predicting a different specific vulnerability. The preliminary results obtained from the training stage are very promising. The best F1 score obtained is 93%, with a precision of 90% and an accuracy of 85%, according to the tests performed on a model trained to predict vulnerabilities of the injection type.

BibTeX Entry

@InProceedings{baptista_et_al:OASIcs.SLATE.2021.14,
  author =	{Baptista, Tiago and Oliveira, Nuno and Henriques, Pedro Rangel},
  title =	{{Using Machine Learning for Vulnerability Detection and Classification}},
  booktitle =	{10th Symposium on Languages, Applications and Technologies (SLATE 2021)},
  pages =	{14:1--14:14},
  series =	{Open Access Series in Informatics (OASIcs)},
  ISBN =	{978-3-95977-202-0},
  ISSN =	{2190-6807},
  year =	{2021},
  volume =	{94},
  editor =	{Queir\'{o}s, Ricardo and Pinto, M\'{a}rio and Sim\~{o}es, Alberto and Portela, Filipe and Pereira, Maria Jo\~{a}o},
  publisher =	{Schloss Dagstuhl -- Leibniz-Zentrum f{\"u}r Informatik},
  address =	{Dagstuhl, Germany},
  URL =		{https://drops.dagstuhl.de/opus/volltexte/2021/14431},
  URN =		{urn:nbn:de:0030-drops-144315},
  doi =		{10.4230/OASIcs.SLATE.2021.14},
  annote =	{Keywords: Vulnerability Detection, Source Code Analysis, Machine Learning}
}

Keywords: Vulnerability Detection, Source Code Analysis, Machine Learning
Collection: 10th Symposium on Languages, Applications and Technologies (SLATE 2021)
Issue Date: 2021
Date of publication: 10.08.2021

