Abstract
Software vulnerabilities pose a significant security threat to the ongoing expansion of the digital revolution. As the amount of software and the number of its vulnerabilities grow, detecting vulnerabilities accurately is a substantial challenge. Various static and deep learning approaches have been applied to make the task more manageable, but detection accuracy is still a significant factor. In this paper, we introduce Common Vulnerability Detector (CVD), a deep learning-based vulnerability detection system that analyzes source code written in Object-Oriented Programming (OOP) languages and detects vulnerabilities with the highest accuracy. To achieve this, we implemented a highly optimized Convolutional Recurrent Neural Network (CRNN) for source code analysis. Applied to a SARD dataset of C Sharp source code, CVD successfully detected six common and dangerous vulnerabilities with an accuracy of 96.10% and an F1 score of 96.40%. We compared CVD with all the known and popular methods, and CVD outperformed all of them. According to the performance and results, our proposed CVD model is a promising step in vulnerability detection. Furthermore, this model can be a stepping stone toward something revolutionary in the world of vulnerability detection.
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Siddique, S., Hridoy, AA.I., Khushbu, S.A., Das, A.K. (2023). CVD: An Improved Approach of Software Vulnerability Detection for Object Oriented Programming Languages Using Deep Learning. In: Arai, K. (eds) Proceedings of the Future Technologies Conference (FTC) 2022, Volume 1. FTC 2022 2022. Lecture Notes in Networks and Systems, vol 559. Springer, Cham. https://doi.org/10.1007/978-3-031-18461-1_10
DOI: https://doi.org/10.1007/978-3-031-18461-1_10
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-18460-4
Online ISBN: 978-3-031-18461-1
eBook Packages: Intelligent Technologies and Robotics (R0)