TC 11 Briefing Papers
DouBiGRU-A: Software defect detection algorithm based on attention mechanism and double BiGRU
Introduction
Recent years have seen the continuous implementation of technological achievements such as the Internet and big data, which has directly driven the rapid development of the software industry. The rapid iteration of software products and the developers' lack of relevant technical experience have led to uneven quality of software products, which is among the main causes of software defects. To improve the reliability of software applications, research on the detection of software defects has become an indispensable element in the software development industry.
The root causes of software defects are a lack of software design functions, a lack of experience among software developers, and negligence in the software development process. Defective software may not only fail to complete the expected task; its execution may also have unexpected consequences. At the least this restricts the program's expected function, and it may even cause the program to crash or run incorrectly. In more serious cases, the defect may be exploited by malicious attackers, resulting in security risks such as personal information leakage, network attacks, and file theft. Therefore, detection of software defects is a basic and necessary procedure to ensure the quality of software products.
Software defects have attracted considerable attention from the research community, which has solved certain problems and prevented malicious attacks to a certain extent. Research methods can be roughly divided into two types: dynamic analysis based on binary code and static analysis based on source code.
Related research
Many studies have examined static analysis, mostly in the form of software defect reports and source code analyses. Most libraries of reported software defects rely on manual processing, but as time goes by, large numbers of defect reports are generated, thus making manual processing more difficult. Such processing is time-consuming and inefficient, and the inability to identify repeated (redundant) reports leads to wasted resources. Fan et al. (2019) proposed a document-level method for
Introduction to GRU principle
GRU is an optimization and improvement of LSTM, and is highly effective at solving the long-term dependence problem that exists in the RNN network. The LSTM network includes three gate functions: the input gate, the forget gate, and the output gate, whereas the GRU network includes only two gate functions: the update gate function and the reset gate function. The update gate function is used to control how much the hidden layer state is updated from the previous moment to the current hidden
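The two gates described above, written out as a plain-Python forward step; this is an added illustration, not code from the paper. It assumes the update rule of Chung et al. (2014), h_t = (1 - z_t) h_{t-1} + z_t h̃_t, uses constructed toy weights, and goes one step beyond the passage by also running the cell in both directions (`run_bigru`), as a BiGRU layer does. All function and parameter names are hypothetical.

```python
import math

def sigmoid(v):
    return 1.0 / (1.0 + math.exp(-v))

def affine(W, x, U, h, b):
    """Row-wise W@x + U@h + b for small list-based matrices."""
    return [sum(w * xi for w, xi in zip(wr, x)) +
            sum(u * hi for u, hi in zip(ur, h)) + bi
            for wr, ur, bi in zip(W, U, b)]

def gru_step(x, h_prev, p):
    """One GRU time step; returns (h_t, update gate z, reset gate r)."""
    z = [sigmoid(a) for a in affine(p["Wz"], x, p["Uz"], h_prev, p["bz"])]
    r = [sigmoid(a) for a in affine(p["Wr"], x, p["Ur"], h_prev, p["br"])]
    # Reset gate: scales the previous state before it enters the candidate.
    gated = [ri * hi for ri, hi in zip(r, h_prev)]
    cand = [math.tanh(a) for a in affine(p["Wh"], x, p["Uh"], gated, p["bh"])]
    # Update gate (assumed Chung et al. 2014 convention): z near 0 keeps the
    # old state, z near 1 replaces it with the candidate.
    h = [(1.0 - zi) * hp + zi * ci for zi, hp, ci in zip(z, h_prev, cand)]
    return h, z, r

def run_gru(seq, p, hidden):
    h, states = [0.0] * hidden, []
    for x in seq:
        h, _, _ = gru_step(x, h, p)
        states.append(h)
    return states

def run_bigru(seq, p_fwd, p_bwd, hidden):
    """Bidirectional GRU: concatenate forward and backward states per step."""
    fwd = run_gru(seq, p_fwd, hidden)
    bwd = run_gru(seq[::-1], p_bwd, hidden)[::-1]
    return [f + b for f, b in zip(fwd, bwd)]

def make_params(n_in, hidden, bz=0.0, br=0.0, scale=0.5):
    """Constructed toy weights (not trained, not from the paper)."""
    W = [[scale * ((i + j) % 3 - 1) for j in range(n_in)] for i in range(hidden)]
    U = [[scale * ((i - j) % 3 - 1) for j in range(hidden)] for i in range(hidden)]
    return {"Wz": W, "Uz": U, "bz": [bz] * hidden,
            "Wr": W, "Ur": U, "br": [br] * hidden,
            "Wh": W, "Uh": U, "bh": [0.0] * hidden}

# Constructed input: three 2-dimensional "token embeddings".
SEQ = [[1.0, 0.0], [0.0, 1.0], [1.0, 1.0]]
```

Setting `bz` strongly negative makes the cell carry its state across a step unchanged, which is the mechanism behind the long-term dependence claim; setting `bz` strongly positive and `br` strongly negative makes the new state depend on the current input only.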
Experiment and discussion
The experimental procedure involves four parts: establishment of the data set (link: https://pan.baidu.com/s/1FU38ymH5h0miy2r-hemaDQ (extraction code: hc9x)) and basic environment, description of the key measurement indicators, comparison with neural network methods, and comparison with code analysis tools. The selected code is written in C, and the main purpose is to detect whether buffer (CWE-119) and resource management error defects (CWE-399) exist in the source code. To demonstrate the
Conclusions
In this study, we propose a software defect detection algorithm, DouBiGRU-A, whose model precision and F1 scores are better than those of the Li-Method and code analysis tools on the CWE-119&CWE-399, CWE-119, and CWE-399 data sets. Compared with the three designed networks BiLSTM, BiGRU, and BiLSTM&Attention, on the CWE-399 data set, the P and F1 scores of DouBiGRU-A are 0.70% and 0.80% higher than those of the Li-Method, respectively. The P and F1 scores of DouBiGRU-A on the CWE-399 data set
CRediT authorship contribution statement
Jinxiong Zhao: Conceptualization, Methodology, Software, Validation, Formal analysis, Writing – original draft, Writing – review & editing. Sensen Guo: Investigation, Visualization, Software, Validation, Formal analysis. Dejun Mu: Supervision, Writing – review & editing, Funding acquisition.
Declaration of Competing Interest
The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.
Acknowledgement
This work was supported in part by the National Key R&D Program of China (Grant No. 2020AAA0107704), in part by the Natural Science Basic Research Plan in Shaanxi Province of China (Grant No. 2020JQ-214), and in part by the Natural Science Foundation of Jiangsu Higher Education Institutions of China (Project no. 17KJB413001).
References (22)
- et al. Modeling the evolution of interaction behavior in social networks: a dynamic relational event approach for real-time analysis. Chaos Solitons Fractals (2019)
- et al. A secure data deletion scheme for IoT devices through key derivation encryption and data analysis. Future Gener. Comput. Syst. (2020)
- et al. Defect prediction with semantics and context features of codes based on graph representation learning. IEEE Trans. Reliab. (2020)
- et al. Design method of secure computing protocol for deep neural network. J. Netw. Inf. Secur. (2020)
- et al. Software defect prediction model based on deep learning. Comput. Syst. Appl. (2021)
- et al. On the properties of neural machine translation: encoder-decoder approaches. Comput. Sci. (2014)
- Chung J, Gulcehre C, Chao KH, et al. “Empirical evaluation of gated recurrent neural networks on sequence modeling,”...
- et al. Who distributes it? Privacy-preserving image sharing scheme with illegal distribution detection
- et al. Repeated defect report detection method combining text and classification information. Comput. Sci. (2019)
- et al. Long short-term memory. Neural Comput. (1997)
- An empirical exploration of recurrent network architectures
Jinxiong Zhao received his master's degree in electronics and communication engineering from Xi'an Jiaotong University in 2017. He is currently a PhD student in cyberspace security at Northwestern Polytechnical University, and his main research areas include artificial intelligence immunity, cyber security, information communication, and artificial intelligence.
Sensen Guo graduated from Northwestern Polytechnical University with a master's degree in detection technology and automatic equipment in 2015. He is currently a PhD student in cyberspace security at Northwestern Polytechnical University, and his main research areas include cyberspace security and artificial intelligence.
Dejun Mu is a member of the Teaching Steering Committee for Cyberspace Security of the Ministry of Education, a doctoral supervisor in the disciplines of “Cyberspace Security” and “Control Science and Engineering”, director of the “Cyberspace Security” Engineering Laboratory of Shaanxi Province, and deputy dean of the School of Cyberspace Security. He obtained his bachelor's, master's and doctoral degrees in “Control Theory and Control Engineering” in 1983, 1990, and 1994, respectively. He was engaged in postdoctoral research at Nanjing University of Aeronautics and Astronautics from 1994 to 1996, and was a visiting scholar at the University of Linz in Austria from 1998 to 1999.