Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Automated Vulnerability Detection in Source Code Using Deep Representation Learning

C. Seas, G. Fitzpatrick, J. A. Hamilton, M. C. Carlisle

TL;DR

A convolutional neural network model is presented that can successfully identify bugs in C code and is able to find real vulnerabilities in complex code with a low false-positive rate on a custom Linux kernel dataset.

Abstract

Each year, software vulnerabilities are discovered, which pose significant risks of exploitation and system compromise. We present a convolutional neural network model that can successfully identify bugs in C code. We trained our model using two complementary datasets: a machine-labeled dataset created by Draper Labs using three static analyzers and the NIST SATE Juliet human-labeled dataset designed for testing static analyzers. In contrast with the work of Russell et al. on these datasets, we focus on C programs, enabling us to specialize and optimize our detection techniques for this language. After removing duplicates from the dataset, we tokenize the input into 91 token categories. The category values are converted to a binary vector to save memory. Our first convolution layer is chosen so that the entire encoding of the token is presented to the filter. We use two convolution and pooling layers followed by two fully connected layers to classify programs into either a common weakness enumeration category or as ``clean.'' We obtain higher recall than prior work by Russell et al. on this dataset when requiring high precision. We also demonstrate on a custom Linux kernel dataset that we are able to find real vulnerabilities in complex code with a low false-positive rate.

Automated Vulnerability Detection in Source Code Using Deep Representation Learning

TL;DR

A convolutional neural network model is presented that can successfully identify bugs in C code and is able to find real vulnerabilities in complex code with a low false-positive rate on a custom Linux kernel dataset.

Abstract

Each year, software vulnerabilities are discovered, which pose significant risks of exploitation and system compromise. We present a convolutional neural network model that can successfully identify bugs in C code. We trained our model using two complementary datasets: a machine-labeled dataset created by Draper Labs using three static analyzers and the NIST SATE Juliet human-labeled dataset designed for testing static analyzers. In contrast with the work of Russell et al. on these datasets, we focus on C programs, enabling us to specialize and optimize our detection techniques for this language. After removing duplicates from the dataset, we tokenize the input into 91 token categories. The category values are converted to a binary vector to save memory. Our first convolution layer is chosen so that the entire encoding of the token is presented to the filter. We use two convolution and pooling layers followed by two fully connected layers to classify programs into either a common weakness enumeration category or as ``clean.'' We obtain higher recall than prior work by Russell et al. on this dataset when requiring high precision. We also demonstrate on a custom Linux kernel dataset that we are able to find real vulnerabilities in complex code with a low false-positive rate.
Paper Structure (14 sections, 3 figures, 1 table)

This paper contains 14 sections, 3 figures, 1 table.

Table of Contents

  1. INTRODUCTION
  2. RELATED WORK
  3. DATA
  4. Data tokenization
  5. Data curation
  6. Labels
  7. Padding
  8. METHODS
  9. Convolutional Neural Network Architecture
  10. Kernel Matrix Configuration
  11. Comparative Analysis with Prior Work
  12. RESULTS
  13. Practical Implications and Significance
  14. CONCLUSIONS

Figures (3)

  • Figure 1: Convolutional Neural Representation-Learning Approach for Source Code Classification.
  • Figure 2: Multi-label PR Curve tested on Juliet dataset with our approach. Our labels are multiple CWEs grouped together, as shown in the table \ref{['table:cwe_labels']}. The CLEAN curve is the PR curve for the functions that are not buggy.
  • Figure 3: Multi-label PR Curve from Russell et al.'s paper draper_paper on different CWEs