Prediction of Common Weakness Probability in C/C++ Source Code Using Recurrent Neural Networks

The article considers source code written in the C/C++ programming language. The problem is the automatic detection of potential vulnerabilities from the Common Weakness Enumeration. The assumption is that the presence of a vulnerability is determined by the local context. Machine learning approaches ba...

Bibliographic Details
Main Authors: Petr Vytovtov, Kirill Chuvilin
Format: Article
Language: English
Published: FRUCT 2017-11-01
Series: Proceedings of the XXth Conference of Open Innovations Association FRUCT
Online Access: https://fruct.org/publications/abstract21/files/Vyt.pdf
Record ID: doaj-1b4b1039fa3a4a298f15948a77c40c64
Collection: DOAJ
Affiliation (both authors): Moscow Institute of Physics and Technology (State University), Moscow, Russia
ISSN: 2305-7254, 2343-0737
Citation: Vol. 562, Iss. 21, pp. 525-531
Subjects: Common Weakness Enumeration; Recurrent Neural Networks; Static Analysis

Description: The article considers source code written in the C/C++ programming language. The problem is the automatic detection of potential vulnerabilities from the Common Weakness Enumeration. The assumption is that the presence of a vulnerability is determined by the local context. Machine learning approaches based on recurrent neural networks are investigated. The training sample is built from known common weakness fixes in public software code repositories. A new static analysis approach based on recurrent neural networks is proposed. It is tested on source code blocks of different sizes and demonstrates good quality in terms of accuracy, F1 score, precision and recall. The proposed method can be used as part of a source code quality analysis system and can be improved for deeper source code analysis or for collaboration with source code autofixing tools.