Software Security Vulnerability Mining Based on Deep Learning

Gu Mianxue; Sun Hongyu; Han Dan; Yang Su; Cao Wanying; Guo Zhen; Cao Chunjie; Wang Wenjie; Zhang Yuqing

doi:10.7544/issn1000-1239.2021.20210620

Journal of Computer Research and Development > 2021 > 58(10): 2140-2162. > DOI: 10.7544/issn1000-1239.2021.20210620

Gu Mianxue, Sun Hongyu, Han Dan, Yang Su, Cao Wanying, Guo Zhen, Cao Chunjie, Wang Wenjie, Zhang Yuqing. Software Security Vulnerability Mining Based on Deep Learning[J]. Journal of Computer Research and Development, 2021, 58(10): 2140-2162. DOI: 10.7544/issn1000-1239.2021.20210620

Citation:

PDF (2891 KB)

Software Security Vulnerability Mining Based on Deep Learning

¹(College of Cyberspace Security, Hainan University, Haikou 570228)
²(National Computer Network Intrusion Protection Center (University of Chinese Academy of Sciences), Beijing 101408)
³(College of Cyber Engineering, Xidian University, Xi’an 710126)

Funds: This work was supported by the National Natural Science Foundation of China (U1836210) and the Key Research and Development Program of Hainan Province (ZDYF202012).

More Information

Published Date: September 30, 2021

Graphical Abstract

Abstract

Abstract

The increasing complexity of software and the diversified forms of security vulnerabilities have brought severe challenges to the research of software security vulnerabilities. Traditional vulnerability mining methods are inefficient and have problems such as high false positives and high false negatives, which have been unable to meet the increasing demands for software security. At present, a lot of research works have attempted to apply deep learning to the field of vulnerability mining to realize automated and intelligent vulnerability mining. This review conducts an in-depth investigation and analysis of the deep learning methods applied to the field of software security vulnerability mining. First, through collecting and analyzing existing research works of software security vulnerability mining based on deep learning, its general work framework and technical route are summarized. Subsequently, starting from the extraction of deep features, security vulnerability mining works with different code representation forms are classified and discussed. Then, specific areas of deep learning based software security vulnerability mining works are discussed systematically, especially in the field of the Internet of Things and smart contract security. Finally, based on the summary of existing research works, the challenges and opportunities in this filed are discussed, and the future research trends are presented.
- deep learning,
- vulnerability mining,
- code representation,
- IoT security,
- smart contract security

FullText(HTML)

References (0)

[1]	Xu Jingnan, Wang Leixia, Meng Xiaofeng. Research on Privacy Auditing in Data Governance[J]. Journal of Computer Research and Development. DOI: 10.7544/issn1000-1239.202540530
[2]	Zhao Jingxin, Yue Xinghui, Feng Chongpeng, Zhang Jing, Li Yin, Wang Na, Ren Jiadong, Zhang Haoxing, Wu Gaofei, Zhu Xiaoyan, Zhang Yuqing. Survey of Data Privacy Security Based on General Data Protection Regulation[J]. Journal of Computer Research and Development, 2022, 59(10): 2130-2163. DOI: 10.7544/issn1000-1239.20220800
[3]	Song Lei, Ma Chunguang, Duan Guanghan, Yuan Qi. Privacy-Preserving Logistic Regression on Vertically Partitioned Data[J]. Journal of Computer Research and Development, 2019, 56(10): 2243-2249. DOI: 10.7544/issn1000-1239.2019.20190414
[4]	Chen Yufei, Shen Chao, Wang Qian, Li Qi, Wang Cong, Ji Shouling, Li Kang, Guan Xiaohong. Security and Privacy Risks in Artificial Intelligence Systems[J]. Journal of Computer Research and Development, 2019, 56(10): 2135-2150. DOI: 10.7544/issn1000-1239.2019.20190415
[5]	Liu Qiang, Li Tong, Yu Yang, Cai Zhiping, Zhou Tongqing. Data Security and Privacy Preserving Techniques for Wearable Devices: A Survey[J]. Journal of Computer Research and Development, 2018, 55(1): 14-29. DOI: 10.7544/issn1000-1239.2018.20160765
[6]	Wang Liang, Wang Weiping, Meng Dan. Privacy Preserving Data Publishing via Weighted Bayesian Networks[J]. Journal of Computer Research and Development, 2016, 53(10): 2343-2353. DOI: 10.7544/issn1000-1239.2016.20160465
[7]	Cao Zhenfu, Dong Xiaolei, Zhou Jun, Shen Jiachen, Ning Jianting, Gong Junqing. Research Advances on Big Data Security and Privacy Preserving[J]. Journal of Computer Research and Development, 2016, 53(10): 2137-2151. DOI: 10.7544/issn1000-1239.2016.20160684
[8]	Meng Xiaofeng, Zhang Xiaojian. Big Data Privacy Management[J]. Journal of Computer Research and Development, 2015, 52(2): 265-281. DOI: 10.7544/issn1000-1239.2015.20140073
[9]	Liu Yahui, Zhang Tieying, Jin Xiaolong, Cheng Xueqi. Personal Privacy Protection in the Era of Big Data[J]. Journal of Computer Research and Development, 2015, 52(1): 229-247. DOI: 10.7544/issn1000-1239.2015.20131340
[10]	Zhang Fengzhe, Chen Jin, Chen Haibo, and Zang Binyu. Lifetime Privacy and Self-Destruction of Data in the Cloud[J]. Journal of Computer Research and Development, 2011, 48(7): 1155-1167.

Cited By

Cited by

Periodical cited type(5)

1.	李宁，徐丽娜，方国勇，马英晋. 结合容错编码的量子化学分布式计算. 化学学报. 2024(02): 138-145 .
2.	陈雨梁，林夕，李建华. 基于编码计算的分布式人工智能系统安全防护研究. 网络空间安全. 2024(01): 108-112 .
3.	郭中孚，季新生，游伟，赵宇，巩小锐. 基于喷泉码的隐私保护编码计算卸载方法. 信息工程大学学报. 2024(05): 559-566 .
4.	杨在航，李跃鹏，曾德泽. 基于编码计算的边端融合计算发展趋势. 自动化博览. 2023(02): 45-49 .
5.	史洪玮，洪道诚，施连敏，杨迎尧. 异构编码联邦学习. 华东师范大学学报(自然科学版). 2023(05): 110-121 .