Blogs (1) >>
ICSE 2019
Sat 25 - Fri 31 May 2019 Montreal, QC, Canada
ICSE 2019 (series) / Journal-First Papers /

Automatic feature learning for predicting vulnerable software components

Industry ProgramJournal-First
Hoa Khanh Dam, Truyen Tran, Trang Pham, Shien Wee Ng, John Grundy, Aditya Ghose
ICSE 2019 Journal-First Papers
Wed 29 May 2019 15:10 - 15:20 at Duluth - Security 2 Chair(s): Arie van Deursen

Code flaws or vulnerabilities are prevalent in software systems and can potentially cause a variety of problems including deadlock, hacking, information loss and system failure. A variety of approaches have been developed to try and detect the most likely locations of such code vulnerabilities in large code bases. Most of them rely on manually designing code features (e.g. complexity metrics or frequencies of code tokens) that represent the characteristics of the potentially problematic code to locate. However, all suffer from challenges in sufficiently capturing both semantic and syntactic representation of source code, an important capability for building accurate prediction models. In this paper, we describe a new approach, built upon the powerful deep learning Long Short Term Memory model, to automatically learn both semantic and syntactic features of code. Our evaluation on 18 Android applications and the Firefox application demonstrates that the prediction power obtained from our learned features is better than what is achieved by state of the art vulnerability prediction models, for both within-project prediction and cross-project prediction.

https://ieeexplore.ieee.org/document/8540022
https://www.researchgate.net/publication/329062401_Automatic_feature_learning_for_predicting_vulnerable_software_components
https://doi.org/10.1109/TSE.2018.2881961
Hoa Khanh Dam
Hoa Khanh Dam
University of Wollongong
Australia
small-avatar
Truyen Tran
small-avatar
Trang Pham
Deakin University
small-avatar
Shien Wee Ng
University of Wollongong
John Grundy
John Grundy
Monash University
Australia
small-avatar
Aditya Ghose

Wed 29 May

Displayed time zone: Eastern Time (US & Canada) change

14:00 - 15:30
Security 2Demonstrations / Technical Track / Papers / Journal-First Papers / New Ideas and Emerging Results at Duluth
Chair(s): Arie van Deursen Delft University of Technology
14:00
20m
Talk
The Seven Sins: Security Smells in Infrastructure as Code ScriptsArtifacts AvailableACM SIGSOFT Distinguished Paper AwardTechnical TrackIndustry Program
Technical Track
Akond Rahman North Carolina State University, Chris Parnin NCSU, Laurie Williams North Carolina State University
Pre-print
14:20
20m
Talk
DifFuzz: Differential Fuzzing for Side-Channel AnalysisArtifacts AvailableArtifacts Evaluated ReusableTechnical Track
Technical Track
Shirin Nilizadeh University of Texas at Arlington, Yannic Noller Humboldt-Universität zu Berlin, Corina S. Pasareanu Carnegie Mellon University Silicon Valley, NASA Ames Research Center
Pre-print
14:40
10m
Talk
Detecting Suspicious Package UpdatesIndustry ProgramNIER
New Ideas and Emerging Results
Kalil Garrett Georgia State University, Gabriel Ferreira Carnegie Mellon University, Limin Jia Carnegie Mellon University, Joshua Sunshine Carnegie Mellon University, Christian Kästner Carnegie Mellon University
Pre-print
14:50
20m
Talk
EASYFLOW: Keep Ethereum Away From OverflowDemos
Demonstrations
Jianbo Gao Peking University, Han Liu Tsinghua University, Chao Liu , Qingshan Li Peking University, Zhi Guan Peking University, Zhong Chen
Pre-print Media Attached
15:10
10m
Talk
Automatic feature learning for predicting vulnerable software componentsIndustry ProgramJournal-First
Journal-First Papers
Hoa Khanh Dam University of Wollongong, Truyen Tran , Trang Pham Deakin University, Shien Wee Ng University of Wollongong, John Grundy Monash University, Aditya Ghose
Link to publication DOI Pre-print
15:20
10m
Talk
Discussion Period
Papers