Biblio
Filters: Author is Cai, Saihua [Clear All Filters]
.
2021. An Empirical Study on Vulnerability Detection for Source Code Software based on Deep Learning. 2021 IEEE 21st International Conference on Software Quality, Reliability and Security Companion (QRS-C). :1159–1160.
In recent years, the complexity of software vulnera-bilities has continued to increase. Manual vulnerability detection methods alone no longer meet the demand. With the rapid development of the deep learning, many neural network models have been widely applied to source code vulnerability detection. The variant of recurrent neural network (RNN), bidirectional Long Short-Term Memory (BiLSTM), has been a popular choice in vulnerability detection. However, is BiLSTM the most suitable choice? To answer this question, we conducted a series of experiments to investigate the effectiveness of different neural network models for source code vulnerability detection. The results shows that the variants of RNN, gated recurrent unit (GRU) and bidirectional GRU, are more capable of detecting source code fragments with mixed vulnerability types. And the concatenated convolutional neural network is more capable of detecting source code fragments of single vulnerability types.
.
2020. iTES: Integrated Testing and Evaluation System for Software Vulnerability Detection Methods. 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom). :1455–1460.
To find software vulnerabilities using software vulnerability detection technology is an important way to ensure the system security. Existing software vulnerability detection methods have some limitations as they can only play a certain role in some specific situations. To accurately analyze and evaluate the existing vulnerability detection methods, an integrated testing and evaluation system (iTES) is designed and implemented in this paper. The main functions of the iTES are:(1) Vulnerability cases with source codes covering common vulnerability types are collected automatically to form a vulnerability cases library; (2) Fourteen methods including static and dynamic vulnerability detection are evaluated in iTES, involving the Windows and Linux platforms; (3) Furthermore, a set of evaluation metrics is designed, including accuracy, false positive rate, utilization efficiency, time cost and resource cost. The final evaluation and test results of iTES have a good guiding significance for the selection of appropriate software vulnerability detection methods or tools according to the actual situation in practice.