CVD: An Improved Approach of Software Vulnerability Detection for Object Oriented Programming Languages Using Deep Learning

  • Conference paper
Proceedings of the Future Technologies Conference (FTC) 2022, Volume 1 (FTC 2022 2022)

Part of the book series: Lecture Notes in Networks and Systems (LNNS, volume 559)

Abstract

Software vulnerabilities pose a significant security threat as the digital revolution expands. With the growing amount of software and the number of vulnerabilities in it, detecting vulnerabilities accurately is a substantial challenge. Various static and deep learning approaches have been applied to make the task more manageable, but detection accuracy remains a significant factor. In this paper, we introduce Common Vulnerability Detector (CVD), a deep learning-based vulnerability detection system that can analyze source code of Object-Oriented Programming (OOP) languages and detect vulnerabilities with the highest accuracy. To achieve this, we implemented a highly optimized Convolutional Recurrent Neural Network (CRNN) for source code analysis. Applied to a SARD dataset of C Sharp source code, CVD successfully detected six common and dangerous vulnerabilities with an accuracy of 96.10% and an F1 score of 96.40%. We compared CVD with all the known and popular methods, and CVD outperformed all of them. Based on its performance and results, our proposed CVD model is a promising step in vulnerability detection. Furthermore, this model can be a stepping stone toward something revolutionary in the world of vulnerability detection.

Author information

Corresponding author

Correspondence to Shaykh Siddique.

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Cite this paper

Siddique, S., Hridoy, AA.I., Khushbu, S.A., Das, A.K. (2023). CVD: An Improved Approach of Software Vulnerability Detection for Object Oriented Programming Languages Using Deep Learning. In: Arai, K. (eds) Proceedings of the Future Technologies Conference (FTC) 2022, Volume 1. FTC 2022 2022. Lecture Notes in Networks and Systems, vol 559. Springer, Cham. https://doi.org/10.1007/978-3-031-18461-1_10
