Explainable Software vulnerability detection based on Attention-based Bidirectional Recurrent Neural Networks

Yi Mao; Yun Li; Jiatai Sun; Yixin Chen

doi:10.1109/BigData50022.2020.9377803

Explainable Software vulnerability detection based on Attention-based Bidirectional Recurrent Neural Networks

Yi Mao
, Yun Li
, Jiatai Sun
, Yixin Chen

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

17 Scopus citations

Abstract

Software vulnerability detection in source code is a fundamental problem in cyber-security. Aiming at discovering the vulnerability automatically, this paper proposes an open source software vulnerability detection method based on attention-based bidirectional recurrent neural networks. Based on the high-level and generalizable function representations that obtained from the abstract syntax tree(AST), an attention-based bidirectional recurrent neural networks is devised to capture the sequential and important code elements in vulnerability detection from the large number of features that the deep learning model has learned. Experimental results confirm that the huge potential of the proposed new vulnerability detection method which is not only more effective than Convolutional Neural Networks(CNN) but also better than traditional Bidirectional Recurrent Neural Networks(BRNN) in reducing the false negative rate at the price of increasing the false positive rate.

Original language	English
Title of host publication	Proceedings - 2020 IEEE International Conference on Big Data, Big Data 2020
Editors	Xintao Wu, Chris Jermaine, Li Xiong, Xiaohua Tony Hu, Olivera Kotevska, Siyuan Lu, Weijia Xu, Srinivas Aluru, Chengxiang Zhai, Eyhab Al-Masri, Zhiyuan Chen, Jeff Saltz
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	4651-4656
Number of pages	6
ISBN (Electronic)	9781728162515
DOIs	https://doi.org/10.1109/BigData50022.2020.9377803
State	Published - Dec 10 2020
Event	8th IEEE International Conference on Big Data, Big Data 2020 - Virtual, Atlanta, United States Duration: Dec 10 2020 → Dec 13 2020

Publication series

Name	Proceedings - 2020 IEEE International Conference on Big Data, Big Data 2020

Conference

Conference	8th IEEE International Conference on Big Data, Big Data 2020
Country/Territory	United States
City	Virtual, Atlanta
Period	12/10/20 → 12/13/20

Keywords

attention mechanism
deep learning
machine learning
Software vulnerability detection

Access to Document

10.1109/BigData50022.2020.9377803

Cite this

Mao, Y., Li, Y., Sun, J., & Chen, Y. (2020). Explainable Software vulnerability detection based on Attention-based Bidirectional Recurrent Neural Networks. In X. Wu, C. Jermaine, L. Xiong, X. T. Hu, O. Kotevska, S. Lu, W. Xu, S. Aluru, C. Zhai, E. Al-Masri, Z. Chen, & J. Saltz (Eds.), Proceedings - 2020 IEEE International Conference on Big Data, Big Data 2020 (pp. 4651-4656). Article 9377803 (Proceedings - 2020 IEEE International Conference on Big Data, Big Data 2020). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/BigData50022.2020.9377803

Mao, Yi ; Li, Yun ; Sun, Jiatai et al. / Explainable Software vulnerability detection based on Attention-based Bidirectional Recurrent Neural Networks. Proceedings - 2020 IEEE International Conference on Big Data, Big Data 2020. editor / Xintao Wu ; Chris Jermaine ; Li Xiong ; Xiaohua Tony Hu ; Olivera Kotevska ; Siyuan Lu ; Weijia Xu ; Srinivas Aluru ; Chengxiang Zhai ; Eyhab Al-Masri ; Zhiyuan Chen ; Jeff Saltz. Institute of Electrical and Electronics Engineers Inc., 2020. pp. 4651-4656 (Proceedings - 2020 IEEE International Conference on Big Data, Big Data 2020).

@inproceedings{265579f7973b47fbb3df94b5c0f996c1,

title = "Explainable Software vulnerability detection based on Attention-based Bidirectional Recurrent Neural Networks",

abstract = "Software vulnerability detection in source code is a fundamental problem in cyber-security. Aiming at discovering the vulnerability automatically, this paper proposes an open source software vulnerability detection method based on attention-based bidirectional recurrent neural networks. Based on the high-level and generalizable function representations that obtained from the abstract syntax tree(AST), an attention-based bidirectional recurrent neural networks is devised to capture the sequential and important code elements in vulnerability detection from the large number of features that the deep learning model has learned. Experimental results confirm that the huge potential of the proposed new vulnerability detection method which is not only more effective than Convolutional Neural Networks(CNN) but also better than traditional Bidirectional Recurrent Neural Networks(BRNN) in reducing the false negative rate at the price of increasing the false positive rate.",

keywords = "attention mechanism, deep learning, machine learning, Software vulnerability detection",

author = "Yi Mao and Yun Li and Jiatai Sun and Yixin Chen",

note = "Publisher Copyright: {\textcopyright} 2020 IEEE.; 8th IEEE International Conference on Big Data, Big Data 2020 ; Conference date: 10-12-2020 Through 13-12-2020",

year = "2020",

month = dec,

day = "10",

doi = "10.1109/BigData50022.2020.9377803",

language = "English",

series = "Proceedings - 2020 IEEE International Conference on Big Data, Big Data 2020",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "4651--4656",

editor = "Xintao Wu and Chris Jermaine and Li Xiong and Hu, \{Xiaohua Tony\} and Olivera Kotevska and Siyuan Lu and Weijia Xu and Srinivas Aluru and Chengxiang Zhai and Eyhab Al-Masri and Zhiyuan Chen and Jeff Saltz",

booktitle = "Proceedings - 2020 IEEE International Conference on Big Data, Big Data 2020",

}

Mao, Y, Li, Y, Sun, J & Chen, Y 2020, Explainable Software vulnerability detection based on Attention-based Bidirectional Recurrent Neural Networks. in X Wu, C Jermaine, L Xiong, XT Hu, O Kotevska, S Lu, W Xu, S Aluru, C Zhai, E Al-Masri, Z Chen & J Saltz (eds), Proceedings - 2020 IEEE International Conference on Big Data, Big Data 2020., 9377803, Proceedings - 2020 IEEE International Conference on Big Data, Big Data 2020, Institute of Electrical and Electronics Engineers Inc., pp. 4651-4656, 8th IEEE International Conference on Big Data, Big Data 2020, Virtual, Atlanta, United States, 12/10/20. https://doi.org/10.1109/BigData50022.2020.9377803

Explainable Software vulnerability detection based on Attention-based Bidirectional Recurrent Neural Networks. / Mao, Yi; Li, Yun; Sun, Jiatai et al.
Proceedings - 2020 IEEE International Conference on Big Data, Big Data 2020. ed. / Xintao Wu; Chris Jermaine; Li Xiong; Xiaohua Tony Hu; Olivera Kotevska; Siyuan Lu; Weijia Xu; Srinivas Aluru; Chengxiang Zhai; Eyhab Al-Masri; Zhiyuan Chen; Jeff Saltz. Institute of Electrical and Electronics Engineers Inc., 2020. p. 4651-4656 9377803 (Proceedings - 2020 IEEE International Conference on Big Data, Big Data 2020).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Explainable Software vulnerability detection based on Attention-based Bidirectional Recurrent Neural Networks

AU - Mao, Yi

AU - Li, Yun

AU - Sun, Jiatai

AU - Chen, Yixin

PY - 2020/12/10

Y1 - 2020/12/10

N2 - Software vulnerability detection in source code is a fundamental problem in cyber-security. Aiming at discovering the vulnerability automatically, this paper proposes an open source software vulnerability detection method based on attention-based bidirectional recurrent neural networks. Based on the high-level and generalizable function representations that obtained from the abstract syntax tree(AST), an attention-based bidirectional recurrent neural networks is devised to capture the sequential and important code elements in vulnerability detection from the large number of features that the deep learning model has learned. Experimental results confirm that the huge potential of the proposed new vulnerability detection method which is not only more effective than Convolutional Neural Networks(CNN) but also better than traditional Bidirectional Recurrent Neural Networks(BRNN) in reducing the false negative rate at the price of increasing the false positive rate.

AB - Software vulnerability detection in source code is a fundamental problem in cyber-security. Aiming at discovering the vulnerability automatically, this paper proposes an open source software vulnerability detection method based on attention-based bidirectional recurrent neural networks. Based on the high-level and generalizable function representations that obtained from the abstract syntax tree(AST), an attention-based bidirectional recurrent neural networks is devised to capture the sequential and important code elements in vulnerability detection from the large number of features that the deep learning model has learned. Experimental results confirm that the huge potential of the proposed new vulnerability detection method which is not only more effective than Convolutional Neural Networks(CNN) but also better than traditional Bidirectional Recurrent Neural Networks(BRNN) in reducing the false negative rate at the price of increasing the false positive rate.

KW - attention mechanism

KW - deep learning

KW - machine learning

KW - Software vulnerability detection

UR - https://www.scopus.com/pages/publications/85103855633

U2 - 10.1109/BigData50022.2020.9377803

DO - 10.1109/BigData50022.2020.9377803

M3 - Conference contribution

AN - SCOPUS:85103855633

T3 - Proceedings - 2020 IEEE International Conference on Big Data, Big Data 2020

SP - 4651

EP - 4656

BT - Proceedings - 2020 IEEE International Conference on Big Data, Big Data 2020

A2 - Wu, Xintao

A2 - Jermaine, Chris

A2 - Xiong, Li

A2 - Hu, Xiaohua Tony

A2 - Kotevska, Olivera

A2 - Lu, Siyuan

A2 - Xu, Weijia

A2 - Aluru, Srinivas

A2 - Zhai, Chengxiang

A2 - Al-Masri, Eyhab

A2 - Chen, Zhiyuan

A2 - Saltz, Jeff

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 8th IEEE International Conference on Big Data, Big Data 2020

Y2 - 10 December 2020 through 13 December 2020

ER -

Mao Y, Li Y, Sun J, Chen Y. Explainable Software vulnerability detection based on Attention-based Bidirectional Recurrent Neural Networks. In Wu X, Jermaine C, Xiong L, Hu XT, Kotevska O, Lu S, Xu W, Aluru S, Zhai C, Al-Masri E, Chen Z, Saltz J, editors, Proceedings - 2020 IEEE International Conference on Big Data, Big Data 2020. Institute of Electrical and Electronics Engineers Inc. 2020. p. 4651-4656. 9377803. (Proceedings - 2020 IEEE International Conference on Big Data, Big Data 2020). doi: 10.1109/BigData50022.2020.9377803

Explainable Software vulnerability detection based on Attention-based Bidirectional Recurrent Neural Networks

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this