DOI: 10.1145/3650400.3650676

Code Defect Detection Model with Multi-layer Bi-directional Long Short Term Memory based on Self-Attention Mechanism

Published: 17 April 2024

Abstract

In the process of digital transformation, enterprises develop and launch numerous business application systems. Practice indicates that the application development process often introduces many logical security defects. Auditing the source code before software goes live is considered an effective means of defect discovery. This paper proposes a defect detection model for CWE vulnerabilities based on a multi-layer Bi-LSTM with a self-attention mechanism. It builds an intermediate representation of structured information from data flow analysis of the code, feeds that representation into a multi-layer Bi-LSTM network for training, and then uses the self-attention mechanism to extract deeper features, ultimately producing a code defect detection model. The model is applied to detecting CWE-399 vulnerabilities, and experimental results show an accuracy of 93.51%, precision of 96.81%, recall of 86.19%, and an F1 score of 91.19%. These results demonstrate high performance in vulnerability detection and validate the effectiveness of the model.

    Published In

    EITCE '23: Proceedings of the 2023 7th International Conference on Electronic Information Technology and Computer Engineering
    October 2023
    1809 pages
    ISBN:9798400708305
    DOI:10.1145/3650400

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Qualifiers

    • Research-article
    • Research
    • Refereed limited

    Conference

    EITCE 2023

    Acceptance Rates

    Overall Acceptance Rate 508 of 972 submissions, 52%
