The rise of software vulnerability: Taxonomy of software vulnerabilities detection and machine learning approaches

[1]  Konrad Rieck,et al.  Generalized vulnerability extrapolation using abstract syntax trees , 2012, ACSAC '12.

[2]  Zhen Li,et al.  BVDetector: A program slice-based binary code vulnerability intelligent detection system , 2020, Inf. Softw. Technol..

[3]  Rakesh M. Verma,et al.  Machine Learning Methods for Software Vulnerability Detection , 2018, IWSPA@CODASPY.

[4]  Konrad Rieck,et al.  Automatic Inference of Search Patterns for Taint-Style Vulnerabilities , 2015, 2015 IEEE Symposium on Security and Privacy.

[5]  Jingling Zhao,et al.  A New Framework of Security Vulnerabilities Detection in PHP Web Application , 2015, 2015 9th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing.

[6]  Jeffrey C. Carver,et al.  Identifying the characteristics of vulnerable code changes: an empirical study , 2014, SIGSOFT FSE.

[7]  Geoffrey E. Hinton,et al.  Deep Learning , 2015, Nature.

[8]  Mohammad Zulkernine,et al.  Mitigating program security vulnerabilities: Approaches and challenges , 2012, CSUR.

[9]  Lionel C. Briand,et al.  Mining SQL injection and cross site scripting vulnerabilities using hybrid program analysis , 2013, 2013 35th International Conference on Software Engineering (ICSE).

[10]  Humera Farooq,et al.  Predicting Web Vulnerabilities in Web Applications Based on Machine Learning , 2018 .

[11]  Kim-Kwang Raymond Choo,et al.  DyHAP: Dynamic Hybrid ANFIS-PSO Approach for Predicting Mobile Malware , 2016, PloS one.

[12]  Umesh Kumar Singh,et al.  A framework for zero-day vulnerabilities detection and prioritization , 2019, J. Inf. Secur. Appl..

[13]  Wouter Joosen,et al.  Predicting Vulnerable Software Components via Text Mining , 2014, IEEE Transactions on Software Engineering.

[14]  Jinfu Chen,et al.  An Integration Testing Platform for Software Vulnerability Detection Method , 2017, 2017 IEEE Trustcom/BigDataSE/ICESS.

[15]  Konrad Rieck,et al.  Chucky: exposing missing checks in source code for vulnerability discovery , 2013, CCS.

[16]  Chaojing Tang,et al.  A Lightweight Assisted Vulnerability Discovery Method Using Deep Neural Networks , 2019, IEEE Access.

[17]  Shigang Liu,et al.  A performance evaluation of deep‐learnt features for software vulnerability detection , 2018, Concurr. Comput. Pract. Exp..

[18]  Yves Le Traon,et al.  Vulnerability Prediction Models: A Case Study on the Linux Kernel , 2016, 2016 IEEE 16th International Working Conference on Source Code Analysis and Manipulation (SCAM).

[19]  Riccardo Scandariato,et al.  Predicting Vulnerable Components: Software Metrics vs Text Mining , 2014, 2014 IEEE 25th International Symposium on Software Reliability Engineering.

[20]  Dzenana Donko,et al.  A survey of static code analysis methods for security vulnerabilities detection , 2014, 2014 37th International Convention on Information and Communication Technology, Electronics and Microelectronics (MIPRO).

[21]  Nor Badrul Anuar,et al.  The rise of “blockchain”: bibliometric analysis of blockchain study , 2019, Scientometrics.

[22]  Jiadong Ren,et al.  Automatic Classification Method for Software Vulnerability Based on Deep Neural Network , 2019, IEEE Access.

[23]  Indrajit Ray,et al.  To Fear or Not to Fear That is the Question: Code Characteristics of a Vulnerable Function with an Existing Exploit , 2016, CODASPY.

[24]  Baldoino Fonseca dos Santos Neto,et al.  Experimenting Machine Learning Techniques to Predict Vulnerabilities , 2016, 2016 Seventh Latin-American Symposium on Dependable Computing (LADC).

[25]  Lionel C. Briand,et al.  Web Application Vulnerability Prediction Using Hybrid Program Analysis and Machine Learning , 2015, IEEE Transactions on Dependable and Secure Computing.

[26]  Andrew Meneely,et al.  When a Patch Goes Bad: Exploring the Properties of Vulnerability-Contributing Commits , 2013, 2013 ACM / IEEE International Symposium on Empirical Software Engineering and Measurement.

[27]  Lwin Khin Shar,et al.  Predicting common web application vulnerabilities from input validation and sanitization code patterns , 2012, 2012 Proceedings of the 27th IEEE/ACM International Conference on Automated Software Engineering.

[28]  Katerina Goseva-Popstojanova,et al.  On the capability of static code analysis to detect security vulnerabilities , 2015, Inf. Softw. Technol..

[29]  Sajjad Mahmood,et al.  Exploring software security approaches in software development lifecycle: A systematic mapping study , 2017, Comput. Stand. Interfaces.

[30]  Jugal K. Kalita,et al.  A survey of detection methods for XSS attacks , 2018, J. Netw. Comput. Appl..

[31]  Laurie A. Williams,et al.  An initial study on the use of execution complexity metrics as indicators of software vulnerabilities , 2011, SESS '11.

[32]  Ying Tan,et al.  Semi-supervised target-oriented sentiment classification , 2019, Neurocomputing.

[33]  J. Ross Quinlan,et al.  Bagging, Boosting, and C4.5 , 1996, AAAI/IAAI, Vol. 1.

[34]  Josh Dehlinger,et al.  Project Achilles: A Prototype Tool for Static Method-Level Vulnerability Detection of Java Source Code Using a Recurrent Neural Network , 2019, 2019 34th IEEE/ACM International Conference on Automated Software Engineering Workshop (ASEW).

[35]  Qiang Yang,et al.  A Survey on Transfer Learning , 2010, IEEE Transactions on Knowledge and Data Engineering.

[36]  Nesma Settouti,et al.  Random forest in semi-supervised learning (Co-Forest) , 2013, 2013 8th International Workshop on Systems, Signal Processing and their Applications (WoSSPA).

[37]  Y. B. Park,et al.  Software Vulnerability Detection Methodology Combined with Static and Dynamic Analysis , 2016, Wirel. Pers. Commun..

[38]  Jiadong Ren,et al.  A Buffer Overflow Prediction Approach Based on Software Metrics and Machine Learning , 2019, Secur. Commun. Networks.

[39]  Hai Jin,et al.  A Comparative Study of Deep Learning-Based Vulnerability Detection System , 2019, IEEE Access.

[40]  Pedro M. Domingos.  A few useful things to know about machine learning , 2012, Commun. ACM.

[41]  Xin Li,et al.  Automated Vulnerability Detection in Source Code Using Minimum Intermediate Representation Learning , 2020, Applied Sciences.

[42]  Jürgen Schmidhuber,et al.  Deep learning in neural networks: An overview , 2014, Neural Networks.

[43]  Wei Luo,et al.  Cross-Project Transfer Representation Learning for Vulnerable Function Discovery , 2018, IEEE Transactions on Industrial Informatics.

[44]  Shouhuai Xu,et al.  VulDeePecker: A Deep Learning-Based System for Vulnerability Detection , 2018, NDSS.

[45]  Christoph Meinel,et al.  Automatic Vulnerability Classification Using Machine Learning , 2017, CRiSIS.

[46]  Prashant M. Ambad,et al.  Industry 4.0 – A Glimpse , 2018 .

[47]  Lionel C. Briand,et al.  Search-Driven String Constraint Solving for Vulnerability Detection , 2017, 2017 IEEE/ACM 39th International Conference on Software Engineering (ICSE).

[48]  Douglas M. Hawkins,et al.  The Problem of Overfitting , 2004, J. Chem. Inf. Model..

[49]  Xiaozhen Xue,et al.  Predicting Vulnerable Software Components through Deep Neural Network , 2017, ICDLT '17.

[50]  Nor Badrul Anuar,et al.  Detecting opinion spams through supervised boosting approach , 2018, PloS one.

[51]  Haifeng Li,et al.  Software Vulnerability Detection Based on Code Coverage and Test Cost , 2015, 2015 11th International Conference on Computational Intelligence and Security (CIS).

[52]  David Lo,et al.  Combining Software Metrics and Text Features for Vulnerable File Prediction , 2015, 2015 20th International Conference on Engineering of Complex Computer Systems (ICECCS).

[53]  Haitao Gan,et al.  A noise-robust semi-supervised dimensionality reduction method for face recognition , 2018 .

[54]  Shangqing Liu,et al.  Devign: Effective Vulnerability Identification by Learning Comprehensive Program Semantics via Graph Neural Networks , 2019, NeurIPS.

[55]  Arun Kumar Sangaiah,et al.  Bio-inspired computational paradigm for feature investigation and malware detection: interactive analytics , 2018, Multimedia Tools and Applications.

[56]  Zhenchang Xing,et al.  Learning to Predict Severity of Software Vulnerability Using Only Vulnerability Description , 2017, 2017 IEEE International Conference on Software Maintenance and Evolution (ICSME).

[57]  Fang Wu,et al.  Vulnerability detection with deep learning , 2017, 2017 3rd IEEE International Conference on Computer and Communications (ICCC).

[58]  Doina Caragea,et al.  An Empirical Study on Using the National Vulnerability Database to Predict Software Vulnerabilities , 2011, DEXA.

[59]  Riccardo Scandariato,et al.  The Effect of Dimensionality Reduction on Software Vulnerability Prediction Models , 2017, IEEE Transactions on Reliability.

[60]  Onur Ozdemir,et al.  Automated Vulnerability Detection in Source Code Using Deep Representation Learning , 2018, 2018 17th IEEE International Conference on Machine Learning and Applications (ICMLA).

[61]  Yong Fang,et al.  TAP: A static analysis model for PHP vulnerabilities based on token and deep learning technology , 2019, PloS one.

[62]  Wei Zheng,et al.  An Empirical Study of High-Impact Factors for Machine Learning-Based Vulnerability Detection , 2020, 2020 IEEE 2nd International Workshop on Intelligent Bug Fixing (IBF).

[63]  Minh Le Nguyen,et al.  Convolutional Neural Networks over Control Flow Graphs for Software Defect Prediction , 2017, 2017 IEEE 29th International Conference on Tools with Artificial Intelligence (ICTAI).

[64]  Nor Badrul Anuar,et al.  Bio-inspired for Features Optimization and Malware Detection , 2018 .

[65]  Jinfu Chen,et al.  A Method for Software Vulnerability Detection Based on Improved Control Flow Graph , 2019, Wuhan University Journal of Natural Sciences.

[66]  Chaojing Tang,et al.  Predicting buffer overflow using semi-supervised learning , 2016, 2016 9th International Congress on Image and Signal Processing, BioMedical Engineering and Informatics (CISP-BMEI).

[67]  Nor Badrul Anuar,et al.  The rise of "malware": Bibliometric analysis of malware study , 2016, J. Netw. Comput. Appl..

[68]  Xin Wang,et al.  Research on Vulnerability Detection Technology for WEB Mail System , 2018 .

[69]  Kazi Zakia Sultana.  Towards a software vulnerability prediction model using traceable code patterns and software metrics , 2017, 2017 32nd IEEE/ACM International Conference on Automated Software Engineering (ASE).

[70]  Shin Ishii,et al.  Semi-supervised deep learning of brain tissue segmentation , 2019, Neural Networks.

[71]  Nuno Neves,et al.  Towards a Deep Learning Model for Vulnerability Detection on Web Application Variants , 2020, 2020 IEEE International Conference on Software Testing, Verification and Validation Workshops (ICSTW).

[72]  Taeeun Kim,et al.  An Automated Vulnerability Detection and Remediation Method for Software Security , 2018 .

[73]  Guillermo L. Grinblat,et al.  Toward Large-Scale Vulnerability Discovery using Machine Learning , 2016, CODASPY.

[74]  Xiang Li,et al.  A Mining Approach to Obtain the Software Vulnerability Characteristics , 2017, 2017 Fifth International Conference on Advanced Cloud and Big Data (CBD).

[75]  Kazi Zakia Sultana,et al.  Evaluating micro patterns and software metrics in vulnerability prediction , 2017, 2017 6th International Workshop on Software Mining (SoftwareMining).

[76]  Akbar Siami Namin,et al.  Predicting Vulnerable Software Components through N-Gram Analysis and Statistical Feature Selection , 2015, 2015 IEEE 14th International Conference on Machine Learning and Applications (ICMLA).

[77]  Crispan Cowan,et al.  StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks , 1998, USENIX Security Symposium.

[78]  Heejo Lee,et al.  VUDDY: A Scalable Approach for Vulnerable Code Clone Discovery , 2017, 2017 IEEE Symposium on Security and Privacy (SP).

[79]  Yong Tang,et al.  Pangr: A Behavior-Based Automatic Vulnerability Detection and Exploitation Framework , 2018, 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE).

[80]  Wouter Joosen,et al.  Software vulnerability prediction using text analysis techniques , 2012, MetriSec '12.

[81]  Roman Demidov,et al.  Applying Deep Learning and Vector Representation for Software Vulnerabilities Detection , 2018, SIN.

[82]  Konrad Rieck,et al.  Modeling and Discovering Vulnerabilities with Code Property Graphs , 2014, 2014 IEEE Symposium on Security and Privacy.

[83]  Babak Sadeghiyan,et al.  Towards designing an extendable vulnerability detection method for executable codes , 2016, Inf. Softw. Technol..

[84]  Lwin Khin Shar,et al.  Predicting SQL injection and cross site scripting vulnerabilities through mining input sanitization patterns , 2013, Inf. Softw. Technol..

[85]  Sheng Wen,et al.  Software Vulnerability Detection Using Deep Neural Networks: A Survey , 2020, Proceedings of the IEEE.

[86]  Gavin Brown,et al.  Ensemble Learning , 2010, Encyclopedia of Machine Learning and Data Mining.

[87]  Arjen Hommersom,et al.  Discovering software vulnerabilities using data-flow analysis and machine learning , 2018, ARES.

[88]  Gary McGraw,et al.  An automated approach for identifying potential vulnerabilities in software , 1998, Proceedings. 1998 IEEE Symposium on Security and Privacy (Cat. No.98CB36186).

[89]  Qing-Long Han,et al.  DeepBalance: Deep-Learning and Fuzzy Oversampling for Vulnerability Detection , 2020, IEEE Transactions on Fuzzy Systems.

[90]  David Last.  Using historical software vulnerability data to forecast future vulnerabilities , 2015, 2015 Resilience Week (RWS).

[91]  Nor Badrul Anuar,et al.  Performance Evaluation of Machine Learning Algorithms for Spam Profile Detection on Twitter Using WEKA and RapidMiner , 2018 .

[92]  Shouling Ji,et al.  VulSniper: Focus Your Attention to Shoot Fine-Grained Vulnerabilities , 2019, IJCAI.

[93]  Kevin Jones,et al.  Early Stage Malware Prediction Using Recurrent Neural Networks , 2017, Comput. Secur..

[94]  Laurie A. Williams,et al.  Challenges with applying vulnerability prediction models , 2015, HotSoS.

[95]  Laurie A. Williams,et al.  Can traditional fault prediction models be used for vulnerability prediction? , 2011, Empirical Software Engineering.

[96]  Kamarularifin Abd Jalil,et al.  A Method for Web Application Vulnerabilities Detection by Using Boyer-Moore String Matching Algorithm , 2015 .

[97]  Akhan Akbulut,et al.  Development of a Software Vulnerability Prediction Web Service Based on Artificial Neural Networks , 2017, PAKDD.

[98]  Gustavo Grieco,et al.  Toward Smarter Vulnerability Discovery Using Machine Learning , 2018, AISec@CCS.

[99]  Matthew Smith,et al.  VCCFinder: Finding Potential Vulnerabilities in Open-Source Projects to Assist Code Audits , 2015, CCS.

[100]  Mustapha Kamel Abdi,et al.  Deep Learning for Software Vulnerabilities Detection Using Code Metrics , 2020, IEEE Access.

[101]  Xiaolong Zhu,et al.  Method of plant leaf recognition based on improved deep convolutional neural network , 2018, Cognitive Systems Research.

[102]  Shouhuai Xu,et al.  VulPecker: an automated vulnerability detection system based on code similarity analysis , 2016, ACSAC.

[103]  Tara N. Sainath,et al.  FUNDAMENTAL TECHNOLOGIES IN MODERN SPEECH RECOGNITION Digital Object Identifier 10.1109/MSP.2012.2205597 , 2012 .

[104]  Amel Mammar,et al.  An advanced approach for modeling and detecting software vulnerabilities , 2012, Inf. Softw. Technol..

[105]  Hai Jin,et al.  μVulDeePecker: A Deep Learning-Based System for Multiclass Vulnerability Detection , 2021, IEEE Trans. Dependable Secur. Comput..

[106]  Ali Feizollah,et al.  Halal Products on Twitter: Data Extraction and Sentiment Analysis Using Stack of Deep Learning Algorithms , 2019, IEEE Access.

[107]  Ashkan Sami,et al.  Using complexity metrics to improve software security , 2013 .

[108]  Lu Sun,et al.  JSAC: A Novel Framework to Detect Malicious JavaScript via CNNs over AST and CFG , 2019, 2019 International Joint Conference on Neural Networks (IJCNN).

[109]  Laurie A. Williams,et al.  Evaluating Complexity, Code Churn, and Developer Activity Metrics as Indicators of Software Vulnerabilities , 2011, IEEE Transactions on Software Engineering.

[110]  Hamid Reza Shahriari,et al.  Software Vulnerability Analysis and Discovery Using Machine-Learning and Data-Mining Techniques , 2017, ACM Comput. Surv..

[111]  Miguel Correia,et al.  DEKANT: a static analysis tool that learns to detect web application vulnerabilities , 2016, ISSTA.

[112]  Ben Stock,et al.  25 million flows later: large-scale detection of DOM-based XSS , 2013, CCS.

[113]  Xiaojiang Du,et al.  A deep learning based static taint analysis approach for IoT software vulnerability location , 2020 .

[114]  Hoa Khanh Dam,et al.  Automatic Feature Learning for Predicting Vulnerable Software Components , 2021, IEEE Transactions on Software Engineering.