Deep security analysis of program code-Reference-Cited by-同舟云学术

Deep security analysis of program code

Published:2021-10-21 Issue:1 Volume:27 Page:
ISSN:1382-3256
Container-title:Empirical Software Engineering
language:en
Short-container-title:Empir Software Eng

Author:

Sonnekalb Tim^ORCID,Heinze Thomas S.^ORCID,Mäder Patrick^ORCID

Abstract

AbstractDue to the continuous digitalization of our society, distributed and web-based applications become omnipresent and making them more secure gains paramount relevance. Deep learning (DL) and its representation learning approach are increasingly been proposed for program code analysis potentially providing a powerful means in making software systems less vulnerable. This systematic literature review (SLR) is aiming for a thorough analysis and comparison of 32 primary studies on DL-based vulnerability analysis of program code. We found a rich variety of proposed analysis approaches, code embeddings and network topologies. We discuss these techniques and alternatives in detail. By compiling commonalities and differences in the approaches, we identify the current state of research in this area and discuss future directions. We also provide an overview of publicly available datasets in order to foster a stronger benchmarking of approaches. This SLR provides an overview and starting point for researchers interested in deep vulnerability analysis on program code.

Funder

Deutsche Forschungsgemeinschaft

Bundesministerium für Bildung und Forschung

Deutsches Zentrum für Luft- und Raumfahrt e. V. (DLR)

Publisher

Springer Science and Business Media LLC

Subject

Software

Link

https://link.springer.com/content/pdf/10.1007/s10664-021-10029-x.pdf

Reference68 articles.

1. National Institute of Standards and Technology (2020) Vulnerability - Glossary | CSRC. https://csrc.nist.gov/glossary/term/vulnerability

2. National Vulnerability Database (2020) NVD - National Vulnerability Database - Search and Statistics. https://nvd.nist.gov/vuln/search

3. Kumar C, Yadav DK (2017) Software defects estimation using metrics of early phases of software development life cycle. https://doi.org/10.1007/s13198-014-0326-2. https://ideas.repec.org/a/spr/ijsaem/v8y2017i4d10.1007_s13198-014-0326-2.html, vol 8, pp 2109–2117

4. Allamanis M, Barr ET, Devanbu P, Sutton C (2018) A survey of machine learning for big code and naturalness. ACM Comput Surv 51(4):81:1–81:37. https://doi.org/10.1145/3212695

5. The MITRE Corporation (2020) CWE - CWE List Version 4.0. https://cwe.mitre.org/data/index.html

Cited by 11 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. A modified reverse-based analysis logic mining model with Weighted Random 2 Satisfiability logic in Discrete Hopfield Neural Network and multi-objective training of Modified Niched Genetic Algorithm;Expert Systems with Applications;2024-04

2. A Rapid Review on Graph-Based Learning Vulnerability Detection;Communications in Computer and Information Science;2024

3. Efficient Software Vulnerability Detection with Minimal Data Size in 5G-IoT;2023 International Conference on Emerging Research in Computational Science (ICERCS);2023-12-07

4. Security in Cloud-Native Services: A Survey;Journal of Cybersecurity and Privacy;2023-10-26

5. Natural Language Generation and Understanding of Big Code for AI-Assisted Programming: A Review;Entropy;2023-06-01