Current and Future Research of Machine Learning Based Vulnerability Detection

Authors: Zhaoyan Jin, Yang Yu

DOI: 10.1109/IMCCC.2018.00322

Keywords:

Abstract: The quantity and volume of software increase rapidly, more vulnerabilities are hidden there, thus vulnerability detection becomes important. This paper reviews works about machine learning based methods for source code, especially on program representation vectorization, Machine Learning Methods. However, current detect in coarse-grained level, locating the still needs much additional work. problem can be solved by fine-grained level. assumes that level will a future research trend, proposes several possible solutions.

References (15)
Fabian Yamaguchi, Alwin Maier, Hugo Gascon, Konrad Rieck. Automatic Inference of Search Patterns for Taint-Style Vulnerabilities. 2015 IEEE Symposium on Security and Privacy, pp. 797-812 (2015). DOI: 10.1109/SP.2015.54
Nathaniel Ayewah, William Pugh, David Hovemeyer, J. David Morgenthaler, John Penix. Using Static Analysis to Find Bugs. IEEE Software, vol. 25, pp. 22-29 (2008). DOI: 10.1109/MS.2008.130
Fabian Yamaguchi, Christian Wressnegger, Hugo Gascon, Konrad Rieck. Chucky: exposing missing checks in source code for vulnerability discovery. Computer and Communications Security, pp. 499-510 (2013). DOI: 10.1145/2508859.2516665
Yonghee Shin, Andrew Meneely, Laurie Williams, Jason A. Osborne. Evaluating Complexity, Code Churn, and Developer Activity Metrics as Indicators of Software Vulnerabilities. IEEE Transactions on Software Engineering, vol. 37, pp. 772-787 (2011). DOI: 10.1109/TSE.2010.81
Jeanne Ferrante, Karl J. Ottenstein, Joe D. Warren. The program dependence graph and its use in optimization. ACM Transactions on Programming Languages and Systems, vol. 9, pp. 319-349 (1987). DOI: 10.1145/24039.24041
Fabian Yamaguchi, Markus Lottmann, Konrad Rieck. Generalized vulnerability extrapolation using abstract syntax trees. Proceedings of the 28th Annual Computer Security Applications Conference - ACSAC '12, pp. 359-368 (2012). DOI: 10.1145/2420950.2421003
Fabian Yamaguchi. Pattern-Based Vulnerability Discovery (2015).
Iberia Medeiros, Nuno Neves, Miguel Correia. Detecting and Removing Web Application Vulnerabilities with Static Analysis and Data Mining. IEEE Transactions on Reliability, vol. 65, pp. 54-69 (2016). DOI: 10.1109/TR.2015.2457411
Ruoyu Wang, Yan Shoshitaishvili, Antonio Bianchi, Aravind Machiry, John Grosen, Paul Grosen, Christopher Kruegel, Giovanni Vigna. Ramblr: Making Reassembly Great Again. Network and Distributed System Security Symposium (2017). DOI: 10.14722/NDSS.2017.23225
Seyed Mohammad Ghaffarian, Hamid Reza Shahriari. Software Vulnerability Analysis and Discovery Using Machine-Learning and Data-Mining Techniques: A Survey. ACM Computing Surveys, vol. 50, pp. 56- (2017). DOI: 10.1145/3092566