loading
Papers Papers/2022 Papers Papers/2022

Research.Publish.Connect.

Paper

Authors: Khadija Hanifi 1 ; Ramin Fouladi 1 ; Basak Unsalver 2 and Goksu Karadag 2

Affiliations: 1 Ericsson Security Research, Istanbul, Turkey ; 2 Vodafone, Istanbul, Turkey

Keyword(s): Software Security, Vulnerability Prediction, Source Code, Machine Learning, Transfer Learning.

Abstract: Developing automated and smart software vulnerability detection models has been receiving great attention from both research and development communities. One of the biggest challenges in this area is the lack of code samples for all different programming languages. In this study, we address this issue by proposing a transfer learning technique to leverage available datasets and generate a model to detect common vulnerabilities in different programming languages. We use C source code samples to train a Convolutional Neural Network (CNN) model, then, we use Java source code samples to adopt and evaluate the learned model. We use code samples from two benchmark datasets: NIST Software Assurance Reference Dataset (SARD) and Draper VDISC dataset. The results show that proposed model detects vulnerabilities in both C and Java codes with average recall of 72%. Additionally, we employ explainable AI to investigate how much each feature contributes to the knowledge transfer mechanisms between C and Java in the proposed model. (More)

CC BY-NC-ND 4.0

Sign In Guest: Register as new SciTePress user now for free.

Sign In SciTePress user: please login.

PDF ImageMy Papers

You are not signed in, therefore limits apply to your IP address 13.59.213.128

In the current month:
Recent papers: 100 available of 100 total
2+ years older papers: 200 available of 200 total

Paper citation in several formats:
Hanifi, K., Fouladi, R., Unsalver, B. and Karadag, G. (2023). Software Vulnerability Prediction Knowledge Transferring Between Programming Languages. In Proceedings of the 18th International Conference on Evaluation of Novel Approaches to Software Engineering - ENASE; ISBN 978-989-758-647-7; ISSN 2184-4895, SciTePress, pages 479-486. DOI: 10.5220/0011859800003464

@conference{enase23,
author={Khadija Hanifi and Ramin Fouladi and Basak Unsalver and Goksu Karadag},
title={Software Vulnerability Prediction Knowledge Transferring Between Programming Languages},
booktitle={Proceedings of the 18th International Conference on Evaluation of Novel Approaches to Software Engineering - ENASE},
year={2023},
pages={479-486},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0011859800003464},
isbn={978-989-758-647-7},
issn={2184-4895},
}

TY - CONF

JO - Proceedings of the 18th International Conference on Evaluation of Novel Approaches to Software Engineering - ENASE
TI - Software Vulnerability Prediction Knowledge Transferring Between Programming Languages
SN - 978-989-758-647-7
IS - 2184-4895
AU - Hanifi, K.
AU - Fouladi, R.
AU - Unsalver, B.
AU - Karadag, G.
PY - 2023
SP - 479
EP - 486
DO - 10.5220/0011859800003464
PB - SciTePress