An advanced computing approach for software vulnerability detection
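| Published in: | Multimedia Tools and Applications vol. 83, no. 39 (Nov 2024), p. 86707 |
|---|---|
| Main Author: | Do Xuan, Cho |
| Other Authors: | Cong, B. V. |
| Published: | Springer Nature B.V. |
| Subjects: | Software reliability; Feature extraction; Software; Source code; Vulnerability; Natural language processing; Synthesis |
| Online Access: | Citation/Abstract, Full Text - PDF |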
MARC
| LEADER | | | 00000nab a2200000uu 4500 |
|---|---|---|---|
| 001 | | | 3130540967 |
| 003 | | | UK-CbPIL |
| 022 | | | \|a 1380-7501 |
| 022 | | | \|a 1573-7721 |
| 024 | 7 | | \|a 10.1007/s11042-024-19682-y \|2 doi |
| 035 | | | \|a 3130540967 |
| 045 | 2 | | \|b d20241101 \|b d20241130 |
| 084 | | | \|a 108528 \|2 nlm |
| 100 | 1 | | \|a Do Xuan, Cho \|u Posts and Telecommunications Institute of Technology, Department of Information Security, Hanoi, Vietnam |
| 245 | 1 | | \|a An advanced computing approach for software vulnerability detection |
| 260 | | | \|b Springer Nature B.V. \|c Nov 2024 |
| 513 | | | \|a Journal Article |
| 520 | 3 | | \|a Detecting software vulnerabilities is a very urgent problem today. One of the common approaches for detecting software vulnerabilities is source code analysis. In this paper, to improve the effectiveness of the software vulnerability detection model based on source code analysis, we propose a novel model called GRD. The GRD model performs source code analysis to find and conclude about source code vulnerabilities based on a combination of two main methods: Feature Intelligent Extraction and Rebalancing Data. In particular, Feature Intelligent Extraction, which includes two models: deep graph networks and natural language processing (NLP) techniques, is responsible for synthesizing and extracting features of source code in the code property graph (CPG) form. Rebalancing Data has the function of balancing data to improve the efficiency of the source code classification task. The main characteristics of our proposal in this paper include two main phases as follows. The first phase extracts and synthesizes source code features into the CPG form. At this phase, the article proposes using Graph Convolution Network (GCN) to extract CPG features, and RoBERTa to extract source code snippets on the node of CPG. In the second phase, based on the feature vectors of the source code obtained in phase 1, the article proposes using the Dropout technique to generate data to balance among labels. Finally, the feature vectors generated after the Dropout technique are used to predict source code vulnerabilities. The study evaluates the proposed model on two common datasets: Verum and FFMQ. The experimental results in the article have shown the superiority of the proposed model compared to other approaches on all measures. |
| 653 | | | \|a Software reliability |
| 653 | | | \|a Feature extraction |
| 653 | | | \|a Software |
| 653 | | | \|a Source code |
| 653 | | | \|a Vulnerability |
| 653 | | | \|a Natural language processing |
| 653 | | | \|a Synthesis |
| 700 | 1 | | \|a Cong, B. V. \|u University of Economics and Technical Industries, Department of Information Technology, Hanoi, Vietnam |
| 773 | 0 | | \|t Multimedia Tools and Applications \|g vol. 83, no. 39 (Nov 2024), p. 86707 |
| 786 | 0 | | \|d ProQuest \|t ABI/INFORM Global |
| 856 | 4 | 1 | \|3 Citation/Abstract \|u https://www.proquest.com/docview/3130540967/abstract/embedded/L8HZQI7Z43R0LA5T?source=fedsrch |
| 856 | 4 | 0 | \|3 Full Text - PDF \|u https://www.proquest.com/docview/3130540967/fulltextPDF/embedded/L8HZQI7Z43R0LA5T?source=fedsrch |