ISVSF: Intelligent Vulnerability Detection Against Java via Sentence-Level Pattern Exploring
| العنوان: | ISVSF: Intelligent Vulnerability Detection Against Java via Sentence-Level Pattern Exploring |
|---|---|
| المؤلفون: | Wen Sun, Hongzhi Guo, Jianpeng Li, Yifei Bi, Haibin Zhang |
| المصدر: | IEEE Systems Journal. 16:1032-1043 |
| بيانات النشر: | Institute of Electrical and Electronics Engineers (IEEE), 2022. |
| سنة النشر: | 2022 |
| مصطلحات موضوعية: | Java, Syntax (programming languages), Computer Networks and Communications, Computer science, business.industry, Deep learning, Feature extraction, Vulnerability, Feature selection, Machine learning, computer.software_genre, Security token, Computer Science Applications, Control and Systems Engineering, False positive rate, Artificial intelligence, Electrical and Electronic Engineering, business, computer, Information Systems, computer.programming_language |
| الوصف: | When software vulnerabilities threaten the security of users, new research on approaches to reduce security vulnerabilities must be explored. The development of deep learning has opened up the era of automatic code vulnerability detection, extricated humans from multifarious pattern definition, and feature selection. However, existing deep learning based vulnerability detection schemes are still in their early stage, most of them adopted token-level representing schemes, losing the logical information above token level and resulting in the narrowing of differences between codes. They always had low accuracy and high false positive rate. In addition, it is noticed that most code vulnerability detection methods focused on C/C++, and little work can be found on Java. In light of this, we propose an intelligent sentence-level vulnerability self-detection framework (ISVSF), which considers the syntax characteristics of Java and adopts sentence-level method representation and pattern exploration. Experimental results demonstrate that the ISVSF outperforms the existing token-level vulnerability detection schemes in terms of accuracy, false positive rate, detection time, etc. In addition, fast and strong vulnerability feature extraction enables ISVSF to learn vulnerability-related features quickly and achieve high accuracy with providing little training samples, thereby reducing the demand for training dataset effectively. |
| تدمد: | 2373-7816 1932-8184 |
| URL الوصول: | https://explore.openaire.eu/search/publication?articleId=doi_________::c7de72359f8685b62c915e5623874995 https://doi.org/10.1109/jsyst.2021.3072154 |
| حقوق: | CLOSED |
| رقم الأكسشن: | edsair.doi...........c7de72359f8685b62c915e5623874995 |
| قاعدة البيانات: | OpenAIRE |
| تدمد: | 23737816 19328184 |
|---|