ISSN 1000-1239 CN 11-1777/TP

Journal of Computer Research and Development ›› 2021, Vol. 58 ›› Issue (10): 2140-2162.doi: 10.7544/issn1000-1239.2021.20210620

Special Issue: 2021密码学与网络空间安全治理专题

Previous Articles     Next Articles

Software Security Vulnerability Mining Based on Deep Learning

Gu Mianxue1,2, Sun Hongyu2,3, Han Dan1,2, Yang Su2, Cao Wanying2, Guo Zhen1, Cao Chunjie1, Wang Wenjie2, Zhang Yuqing1,2,3   

  1. 1(College of Cyberspace Security, Hainan University, Haikou 570228);2(National Computer Network Intrusion Protection Center (University of Chinese Academy of Sciences), Beijing 101408);3(College of Cyber Engineering, Xidian University, Xi’an 710126)
  • Online:2021-10-01
  • Supported by: 
    This work was supported by the National Natural Science Foundation of China (U1836210) and the Key Research and Development Program of Hainan Province (ZDYF202012).

Abstract: The increasing complexity of software and the diversified forms of security vulnerabilities have brought severe challenges to the research of software security vulnerabilities. Traditional vulnerability mining methods are inefficient and have problems such as high false positives and high false negatives, which have been unable to meet the increasing demands for software security. At present, a lot of research works have attempted to apply deep learning to the field of vulnerability mining to realize automated and intelligent vulnerability mining. This review conducts an in-depth investigation and analysis of the deep learning methods applied to the field of software security vulnerability mining. First, through collecting and analyzing existing research works of software security vulnerability mining based on deep learning, its general work framework and technical route are summarized. Subsequently, starting from the extraction of deep features, security vulnerability mining works with different code representation forms are classified and discussed. Then, specific areas of deep learning based software security vulnerability mining works are discussed systematically, especially in the field of the Internet of Things and smart contract security. Finally, based on the summary of existing research works, the challenges and opportunities in this filed are discussed, and the future research trends are presented.

Key words: deep learning, vulnerability mining, code representation, IoT security, smart contract security

CLC Number: