DouBiGRU-A: Software defect detection algorithm based on attention mechanism and double BiGRU

doi:10.1016/j.cose.2021.102459

Computers & Security

Volume 111, December 2021, 102459

https://doi.org/10.1016/j.cose.2021.102459 Get rights and content

Abstract

Software defects such as errors, bugs, and failures lead to poor usability and low efficiency, severely degrading the user experience. Bugs in the code are among the key areas of software defects. The exploitability of such vulnerabilities can bring about a series of security problems, such as user information leakage and network attacks. Most traditional solutions in software vulnerability detection rely on practical knowledge and experience for manual labeling and classification. Manual methods can effectively detect vulnerabilities with a high degree of attention, but those with a low degree of attention have relatively high false negative and false positive rates. Solutions based on software defect code data sets are available, which use deep learning to train software vulnerability identification models, reducing the dependence on manual knowledge and experience, but the precision rate (P) of the models and the F1 score are generally low. In this paper, based on the NVD and SARD data sets, we propose a software defect detection algorithm DouBiGRU-A that combines bidirectional gated recurrent unit (BiGRU) and an attention mechanism. In the experimental simulation, comparison with the Li-Method, bilateral long short-term memory (BiLSTM), BiGRU, and BiLSTM&Attention shows that on the CWE-399 data set, the P and F1 scores of DouBiGRU-A are 0.7% and 0.80% higher than the Li-Method, respectively. Moreover, in the CWE-399 data set, the P and F1 scores of DouBiGRU-A are 28.2% and 43.45% higher than the average values for Flawfinder and RATS, respectively. On the CWE-119 data set, the F1 score of DouBiGRU-A is 2.73% higher than the Li-Method; the P and F1 scores of DouBiGRU-A are 63.07% and 53.98% higher than the average values of Flawfinder and RATS, respectively. On the combined CWE-119&CWE-399 data set, the P and F1 scores of DouBiGRU-A are 5.22% and 4.29% higher than Li-Method, respectively. The P and F1 scores of DouBiGRU-A are 59.72% and 46.59% higher than the average values of Flawfinder and RATS, respectively.

Introduction

Recent years have seen the continuous implementation of technological achievements such as the Internet and big data, which has directly driven the rapid development of the software industry. The rapid iteration of software products and the lack of relevant technical experience of the developers has led to uneven quality of software products, which is among the main causes of software defects. To improve the reliability of software applications, related research on the detection of software defects has become an indispensable element in the software development industry.

The root causes of software defects are a lack of software design functions, a lack of experience among software developers, and negligence in the software development process. Defective software may not only be unable to complete the expected task, its execution may have unexpected consequences. This can at least restrict the program's expected function, and may even cause the program to crash and run incorrectly. In more serious cases, the defect may be exploited by malicious attackers, resulting in security risks such as personal information leakage, network attacks, and file theft. Therefore, detection of software defects is a basic and necessary procedure to ensure the quality of software products.

Software defects have attracted considerable attention from the research community, which has solved certain problems and prevented malicious attacks to a certain extent. Research methods can be roughly divided into two types: dynamic analysis based on binary code and static analysis based on source code.

Section snippets

Related research

Many studies have examined static analysis, mostly in the form of software defect reports and source code analyses. Most libraries of reported software defects rely on manual processing, but as time goes by, large numbers of defect reports are generated, thus making manual processing more difficult. Such processing is time-consuming and inefficient, and the inability to identify repeated (redundant) reports leads to wasted resources. Fan et al. (2019) proposed a document-level method for

Introduction to GRU principle

GRU is an optimization and improvement of LSTM, and is highly effective at solving the long-term dependence problem that exists in the RNN network. The LSTM network includes three gate functions: the input gate, the forget gate, and the output gate, whereas the GRU network includes only two gate functions: the update gate function and the reset gate function. The update gate function is used to control how much the hidden layer state is updated from the previous moment to the current hidden

Experiment and discussion

The experimental procedure involves four parts: establishment of the data set (link: https://pan.baidu.com/s/1FU38ymH5h0miy2r-hemaDQ (extraction code: hc9x)) and basic environment, description of the key measurement indicators, comparison with neural network methods, and comparison with code analysis tools. The selected code is written in C, and the main purpose is to detect whether buffer (CWE-119) and resource management error defects (CWE-399) exist in the source code. To demonstrate the

Conclusions

In this study, we propose a software defect detection algorithm, DouBiGRU-A, whose model precision and F1 scores are better than those of the Li-Method and code analysis tools on the CWE-119&CWE-399, CWE-119, and CWE-399 data sets. Compared with the three designed networks BiLSTM, BiGRU, and BiLSTM&Attention, on the CWE-399 data set, the P and F1 scores of DouBiGRU-A are 0.70% and 0.80% higher than those of the Li-Method, respectively. The P and F1 scores of DouBiGRU-A on the CWE-399 data set

CRediT authorship contribution statement

Jinxiong Zhao: Conceptualization, Methodology, Software, Validation, Formal analysis, Writing – original draft, Writing – review & editing. Sensen Guo: Investigation, Visualization, Software, Validation, Formal analysis. Dejun Mu: Supervision, Writing – review & editing, Funding acquisition.

Declaration of Competing Interest

The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.

Acknowledgement

This work was supported in part by National Key R&D Program of China (Grant No. 2020AAA0107704), in part by the Natural Science Basic Research Plan in Shaanxi Province of China (Grant No. 2020JQ-214), and in part by the Natural Science Foundation of Jiangsu Higher Education Institutions of China (Project no. 17KJB413001).

Jinxiong Zhao got his master degree from Xi'an Jiaotong University in 2017 with electronics and communication engineering. He is currently a PhD student in cyberspace security at Northwestern Polytechnical University and his main research areas include artificial intelligence immunity, cyber security, information communication, and artificial intelligence.

References (22)

J. Mulder et al.
Modeling the evolution of interaction behavior in social networks: a dynamic relational event approach for real-time analysis
Chaos Solitons Fractals
(2019)
J.B. Xiong et al.
A secure data deletion scheme for IoT devices through key derivation encryption and data analysis
Future Gener. Comput. Syst.
(2020)
J. Xu et al.
Defect prediction with semantics and context features of codes based on graph representation learning
IEEE Trans. Reliab.
(2020)
R.W. Bi et al.
Design method of secure computing protocol for deep neural network
J. Netw. Inf. Secur.
(2020)
K. Chen et al.
Software defect prediction model based on deep learning
Comput. Syst. Appl.
(2021)
K. Cho et al.
On the properties of neural machine translation: encoder-decoder approaches
Comput. Sci.
(2014)
Chung J, Gulcehre C, Chao KH, et al. “Empirical evaluation of gated recurrent neural networks on sequence modeling,”...
T.P. Deng et al.
Who distributes it? Privacy-preserving image sharing scheme with illegal distribution detection
D.Y. Fan et al.
Repeated defect report detection method combining text and classification information
Comput. Sci.
(2019)
S. Hochreiter et al.
Long short-term memory
Neural Comput.
(1997)

R. Jozefowicz et al.

An empirical exploration of recurrent network architectures

Cited by (25)

S3DCN-OLSR: A shallow 3D CNN method for online learning state recognition
2023, Heliyon
The repeated recurrence of COVID-19 has significantly disrupted learning for students in face-to-face instructional settings. While moving from offline to online instruction has proven to be one of the best solutions, classroom management and capturing students' learning states have emerged as important challenges with the increasing popularity of online instruction. To address these challenges, in this paper we propose an online learning status recognition method based on shallow 3D convolution (S3DC-OLSR) for online students, to identify students' online learning states by analysing their micro-expressions. Specifically, we first use the data augmentation method proposed in this paper to decompose the students' online video file into three features: horizontal component of optical flow, vertical component of optical flow and optical amplitude. Next, the students' online learning status is recognised by feeding the processed data into a shallow 3D convolution neural network. To test the performance of our method, we conduct extensive experiments on the CASME II and SMIC datasets, and the results indicate that our method outperforms the other state-of-the-art methods considered in terms of recognition accuracy, UF1 and UAR, which demonstrates the superiority of our method in identifying students’ online learning states.
VDoTR: Vulnerability detection based on tensor representation of comprehensive code graphs
2023, Computers and Security
Code vulnerability detection has long been a critical issue due to its potential threat to computer systems. It is imperative to detect source code vulnerabilities in software and remediate them to avoid cyber attacks. To automate detection and reduce labor costs, many deep learning-based methods have been proposed. However, these approaches have been found to be either ineffective in detecting multiple classes of vulnerabilities or limited by treating original source code as a natural language sequence without exploiting the structural information of code. In this paper, we propose VDoTR, a model that leverages a new tensor representation of comprehensive code graphs, including AST, CFG, DFG, and NCS, to detect multiple types of vulnerabilities. Firstly, a tensor structure is introduced to represent the structured information of code, which deeply captures code features. Secondly, a new Circle Gated Graph Neural Network (CircleGGNN) is designed based on tensor for hidden state embedding of nodes. CircleGGNN can perform heterogeneous graph information fusion more directly and effectively. Lastly, a 1-D convolution-based output layer is applied to hidden embedding features for classification. The experimental results demonstrate that the detection performance of VDoTR is superior to other approaches with higher accuracy, precision, recall, and F1-measure on multiple datasets for vulnerability detection. Moreover, we illustrate which code graph contributes the most to the performance of VDoTR and which code graph is more sensitive to represent vulnerability features for different types of vulnerabilities through ablation experiments.
Software vulnerabilities in TensorFlow-based deep learning applications
2023, Computers and Security
Citation Excerpt :
In Arusoaie et al. (2017), eleven C/C++ SATs were benchmarked based on the Toyota test suite (Shiraishi et al., 2015) (it was also used in Nong et al. (2021), in which different tools were tested to find memory-related vulnerabilities). Also works Croft et al. (2021); Kaur and Nayyar (2020); Khaled and Abdelbaki (2020); Riom et al. (2021); Zhao et al. (2021) aim to benchmark different SATs. Their findings showed us the potential of three SATs in the context of vulnerability detection: CppCheck, FlawFinder and Visual Code Grepper.
Usage of Deep Learning (DL) methods is ubiquitous. It is common in the DL/Artificial Intelligence domain to use 3rd party software. TensorFlow is one of the most popular Machine Learning (ML) platforms. Every software product is a subject to security failures which often result from software vulnerabilities. In this paper, we focus on threats related to 6 common types of threats in TensorFlow implementation. We identify them using Common Weakness Enumeration. We analyze more than 100 vulnerability instances. We focus on vulnerabilities’ severity, impact on confidentiality, integrity and availability, as well as possible results of exploitation. We also use Orthogonal Defect Classification (ODC). The results show that a majority of vulnerabilities are caused by missing/incorrect checking statements, however some fixes require more advanced algorithmic changes. Static Analysis Tools tested in our study show low effectiveness in detecting known vulnerabilities in TensorFlow, but we provide some recommendations based on the obtained alerts to improve overall code quality. Further analysis of vulnerabilities helped us to understand and characterize different vulnerability types and provide a set of observations. We believe that these observations can be useful for the creators of new static analysis tools as a source of inspiration and to build the test cases. We also aim to draw the programmers’ attention to the prevalence of vulnerabilities in deep learning applications and a low effectiveness of automatic tools to find software vulnerabilities in such products.
False alarm moderation for performance monitoring in industrial water distribution systems
2022, Advanced Engineering Informatics
While considerable attention has been given to data driven methods that analyse and control energy systems in buildings, the same cannot be said for building water systems. As a result, approaches which support enhanced efficiency in building water consumption are somewhat underdeveloped, particularly in industrial settings. Water consumption in industrial systems features non-stationarity (i.e., variations in statistical properties over time), making it challenging to distinguish between routine and non-routine water uses. In such scenarios, fault detection and diagnosis methods that leverage multivariate statistical process control with, for example, principal component analysis and detection indices (Hotelling T²-statistics and Q-statistics), can be successfully used to identify system alarms. However, even with these approaches there can be a high prevalence of false alarms leading to low industry uptake of fault detection and diagnosis systems, or where in place, alarms can be ignored. To efficiently detect and diagnose water distribution system faults, false alarms should be controlled through false alarm moderation approaches so that building managers/operators only need to focus on critical system alarms or system alarms with high risk levels. This paper utilises two statistical non-parametric false alarm moderation approaches (window-based, and trial-based) that generate a second control limit for T²-statistics and Q-statistics. The implementation of these false alarm moderation approaches was combined with principal component analysis to detect faults with real water time series data from two case-study sites. Using both approaches false alarms were reduced, and the overall performance and reliability of the fault detection and diagnosis approach was improved. The principal component analysis model with the window-based approach was shown to be particularly effective.
Beyond visual range maneuver intention recognition based on attention enhanced tuna swarm optimization parallel BiGRU
2024, Complex and Intelligent Systems
Research and Progress on Learning-Based Source Code Vulnerability Detection
2024, Jisuanji Xuebao/Chinese Journal of Computers

View all citing articles on Scopus

Sensen Guo graduated from Northwestern Polytechnical University with a master's degree in detection technology and automatic equipment in 2015. He is currently a PhD student in cyberspace security at Northwestern Polytechnical University and his main research areas include cyberspace security, artificial intelligence.

Dejun Mu is now a member of the Teaching Steering Committee for Cyberspace Security of the Ministry of Education, a doctoral supervisor in the disciplines of “Cyberspace Security” and “Control Science and Engineering”, director of the “Cyberspace Security” Engineering Laboratory of Shaanxi Province, and deputy dean of the School of Cyberspace Security. In 1983, 1990, and 1994, he obtained a bachelor, master and doctorate degree in “Control Theory and Control Engineering” respectively. He was engaged in postdoctoral research at Nanjing University of Aeronautics and Astronautics from 1994 to 1996, and was a visiting scholar at the University of Linz in Austria from 1998 to 1999.

View full text

TC 11 Briefing PapersDouBiGRU-A: Software defect detection algorithm based on attention mechanism and double BiGRU

Abstract

Introduction

Section snippets

Related research

Introduction to GRU principle

Experiment and discussion

Conclusions

CRediT authorship contribution statement

Declaration of Competing Interest

Acknowledgement

Chaos Solitons Fractals

Future Gener. Comput. Syst.

IEEE Trans. Reliab.

Design method of secure computing protocol for deep neural network

J. Netw. Inf. Secur.

Software defect prediction model based on deep learning

Comput. Syst. Appl.

On the properties of neural machine translation: encoder-decoder approaches

Comput. Sci.

Who distributes it? Privacy-preserving image sharing scheme with illegal distribution detection

Repeated defect report detection method combining text and classification information

Comput. Sci.

Long short-term memory

Neural Comput.

An empirical exploration of recurrent network architectures

TC 11 Briefing Papers
DouBiGRU-A: Software defect detection algorithm based on attention mechanism and double BiGRU