Automated Software Vulnerability Detection Using CodeBERT and Convolutional Neural Network

Rabaya Mim, Abdus Satter, Toukir Ahammed, Kazi Sakib

2024

Abstract

As software programs continue to grow in size and complexity, the prevalence of software vulnerabilities has emerged as a significant security threat. Detecting these vulnerabilities has become a major concern due to the potential security risks they pose. Though Deep Learning (DL) approaches have shown promising results, previous studies have encountered challenges in simultaneously maintaining detection accuracy and scalability. In response to this challenge, our research proposes a method of automated software vulnerability detection using CodeBERT and a Convolutional Neural Network, called VulBertCNN. The aim is to achieve both accuracy and scalability when identifying vulnerabilities in source code. This approach utilizes the pre-trained CodeBERT embedding model in graphical analysis of source code and then applies complex network analysis theory to convert a function’s source code into an image, taking into account both syntactic and semantic information. Subsequently, a text convolutional neural network is employed to detect vulnerabilities from the generated images of code. In comparison to three existing CNN-based methods, TokenCNN, VulCNN and ASVD, our experimental results demonstrate a noteworthy improvement in accuracy from 78.6% to 95.7% and an F1 measure increasing from 62.6% to 89%, which is a significant increase of 21.7% and 26.3%. This underscores the effectiveness of our approach in detecting vulnerabilities in large-scale source code. Hence, developers can employ these findings to promptly apply effective patches on vulnerable functions.


Paper Citation


in Harvard Style

Mim R., Satter A., Ahammed T. and Sakib K. (2024). Automated Software Vulnerability Detection Using CodeBERT and Convolutional Neural Network. In Proceedings of the 19th International Conference on Evaluation of Novel Approaches to Software Engineering - Volume 1: ENASE; ISBN 978-989-758-696-5, SciTePress, pages 156-167. DOI: 10.5220/0012707900003687


in Bibtex Style

@conference{enase24,
author={Rabaya Mim and Abdus Satter and Toukir Ahammed and Kazi Sakib},
title={Automated Software Vulnerability Detection Using CodeBERT and Convolutional Neural Network},
booktitle={Proceedings of the 19th International Conference on Evaluation of Novel Approaches to Software Engineering - Volume 1: ENASE},
year={2024},
pages={156-167},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0012707900003687},
isbn={978-989-758-696-5},
}


in EndNote Style

TY - CONF

JO - Proceedings of the 19th International Conference on Evaluation of Novel Approaches to Software Engineering - Volume 1: ENASE
TI - Automated Software Vulnerability Detection Using CodeBERT and Convolutional Neural Network
SN - 978-989-758-696-5
AU - Mim R.
AU - Satter A.
AU - Ahammed T.
AU - Sakib K.
PY - 2024
SP - 156
EP - 167
DO - 10.5220/0012707900003687
PB - SciTePress