Your search keyword '"Wu, Xiaoxue"' showing total 4 results

1. Learning to Detect Memory-related Vulnerabilities.

Author

Cao, Sicong, Sun, Xiaobing, Bo, Lili, Wu, Rongxin, Li, Bin, Wu, Xiaoxue, Tao, Chuanqi, Zhang, Tao, and Liu, Wei

Subjects

DEEP learning, LEARNING strategies, COMPUTER software security, DETECTORS

Abstract

Memory-related vulnerabilities can result in performance degradation or even program crashes, constituting severe threats to the security of modern software. Despite the promising results of deep learning (DL)-based vulnerability detectors, there exist three main limitations: (1) rich contextual program semantics related to vulnerabilities have not yet been fully modeled; (2) multi-granularity vulnerability features in hierarchical code structure are still hard to be captured; and (3) heterogeneous flow information is not well utilized. To address these limitations, in this article, we propose a novel DL-based approach, called MVD+, to detect memory-related vulnerabilities at the statement-level. Specifically, it conducts both intraprocedural and interprocedural analysis to model vulnerability features, and adopts a hierarchical representation learning strategy, which performs syntax-aware neural embedding within statements and captures structured context information across statements based on a novel Flow-Sensitive Graph Neural Networks, to learn both syntactic and semantic features of vulnerable code. To demonstrate the performance, we conducted extensive experiments against eight state-of-the-art DL-based approaches as well as five well-known static analyzers on our constructed dataset with 6,879 vulnerabilities in 12 popular C/C++ applications. The experimental results confirmed that MVD+ can significantly outperform current state-of-the-art baselines and make a great trade-off between effectiveness and efficiency. [ABSTRACT FROM AUTHOR]

Published

2024

2. An empirical evaluation of deep learning‐based source code vulnerability detection: Representation versus models.

Author

Semasaba, Abubakar Omari Abdallah, Zheng, Wei, Wu, Xiaoxue, Agyemang, Samuel Akwasi, Liu, Tao, and Ge, Yuan

Subjects

DEEP learning, SOURCE code, ARTIFICIAL neural networks, SOFTWARE engineering, COMPUTER security vulnerabilities, MACHINE learning

Abstract

Vulnerabilities in the source code of the software are critical issues in the realm of software engineering. Coping with vulnerabilities in software source code is becoming more challenging due to several aspects such as complexity and volume. Deep learning has gained popularity throughout the years as a means of addressing such issues. This paper proposes an evaluation of vulnerability detection performance on source code representations and evaluates how machine learning (ML) strategies can improve them. The structure of our experiment consists of three deep neural networks (DNNs) in conjunction with five different source code representations: abstract syntax trees (ASTs), code gadgets (CGs), semantics‐based vulnerability candidates (SeVCs), lexed code representations (LCRs), and composite code representations (CCRs). Experimental results show that employing different ML strategies in conjunction with the base model structure influences the performance results to a varying degree. However, ML‐based techniques suffer from poor performance on class imbalance handling and dimensionality reduction when used in conjunction with source code representations. [ABSTRACT FROM AUTHOR]

Published

2023

3. A deep learning‐based approach for software vulnerability detection using code metrics.

Author

Subhan, Fazli, Wu, Xiaoxue, Bo, Lili, Sun, Xiaobing, and Rahman, Muhammad

Subjects

*DEEP learning, *ARTIFICIAL neural networks, *CONVOLUTIONAL neural networks, *SOCIAL stability, *MACHINE learning

Abstract

Vulnerabilities can have devastating effects on information security, affecting the economy, social stability, and national security. The idea of automatic vulnerability detection has always attracted researchers. From traditional manual vulnerability mining techniques to static and dynamic detection, all rely on human experts for feature definition. The rapid development of machine learning and deep learning has alleviated the tedious task of manually defining features by human experts while reducing the lack of objectivity caused by human subjective awareness. However, it is still necessary to find an objective characterisation method to define the features of vulnerabilities. Therefore, the authors use code metrics for code characterisation, sequences of metrics representing code. To use code metrics for vulnerability detection, a deep learning‐based vulnerability detection approach that uses a composite neural network of convolutional neural network (CNN) with long short‐term memory (LSTM) is proposed. The authors conduct experiments independently using the proposed approach for CNN‐LSTM CNN, LSTM, gated recurrent units (GRU), and deep neural network (DNN). The authors' experimental results show that CNN‐LSTM has a high precision of 92%, a recall of 99%, and an accuracy of 91%. In terms of the F1‐score, it is 95%, compared to previous research results, which indicated an improvement of 18%. Compared to other deep learning‐based vulnerability detection models, the authors' proposed model produced a lower false‐positive rate, a lower miss rate, and improved accuracy. [ABSTRACT FROM AUTHOR]

Published

2022

4. Automated software bug localization enabled by meta-heuristic-based convolutional neural network and improved deep neural network.

Author

Ali, Waqas, Bo, Lili, Sun, Xiaobing, Wu, Xiaoxue, Memon, Saifullah, Siraj, Saima, and Suwaree Ashton, Ann

Subjects

*CONVOLUTIONAL neural networks, *DEEP learning, *SOFTWARE localization, *FEATURE extraction, *ERROR functions

Abstract

• A new bug localization approach with CDNN using the HGW-SFO algorithm. • Improved deep learning architecture to the bug localization strategy. • Hybrid Grey Wolf-Sun Flower Optimization (HGW-SFO). • The CDNN-based model is superior to the other conventional methods in locating. • HGW-SFO with developed CDNN has done significantly better than others. Automatically localizing bugs is implemented to maximize the speed of the bug localizing process and minimize the developer's burdens. However, the existing automatic bug localization approaches have not fully used the inter-relations and the intra-relations of the source files and bug reports. In this paper, we present a CDNN-based software localization model, an automatic bug localization model enabled by a Meta-heuristic-based Convolutional Neural Network, and an improved Deep Neural Network, to enhance the effectiveness of the bug localization. First, the bug features are extracted by using word embedding technologies. The hybrid Meta heuristic-based Convolutional Neural Network (HM-CNN) is developed for feature optimization, as it can guarantee reliable localization by selecting the most significant features. The hybrid Meta heuristic-based Deep Neural Network (HM-DNN) is implemented for bug localization by considering objective functions related to the error difference between the actual score and the predicted score. Here, a new combined Grey Wolf-Sun Flower Optimization (HGW-SFO) is adopted for improving the efficiency of the system. Both the CNN in feature extraction (weighted CNN optimization) and DNN in localization phases (hidden neuron optimization) are improved by Hybrid HGW-SFO. Experimental results demonstrate that the proposed CDNN-based software bug localization model is significantly superior to the other conventional methods over several benchmark datasets in locating the bug source files. From the result analysis, while considering the accuracy value of the proposed HGW-SFO-CDNN, the proposed HGW-SFO-CDNN method secures 5.8%, 5.8%, and 9.75% more advanced performance than CNN, DNN, and CDNN at the number of retrieved files as 20. [ABSTRACT FROM AUTHOR]

Published

2023