Sonnekalb, Tim (2019) Machine-learning supported vulnerability detection in source code. In: ESEC/FSE 2019 - Proceedings of the 2019 27th ACM Joint Meeting European Software Engineering Conference and Symposium on the Foundations of Software Engineering, Seiten 1180-1183. ACM. ESEC/FSE 2019 Proceedings of the 2019 27th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering, 2019-08-26 - 2019-08-30, Tallinn, Estonia. doi: 10.1145/3338906.3341466. ISBN 978-145035572-8.
PDF
- Nur DLR-intern zugänglich
509kB |
Kurzfassung
The awareness of writing secure code rises with the increasing number of attacks and their resultant damage. But often, software developers are no security experts and vulnerabilities arise unconsciously during the development process. They use static analysis tools for bug detection, which often come with a high false positive rate. The developers, therefore, need a lot of resources to mind about all alarms, if they want to consistently take care of the security of their software project. We want to investigate, if machine learning techniques could point the user to the position of a security weak point in the source code with a higher accuracy than ordinary methods with static analysis. For this purpose, we focus on current machine learning on code approaches for our initial studies to evolve an efficient way for finding security-related software bugs. We will create a configuration interface to discover certain vulnerabilities, categorized in CWEs. We want to create a benchmark tool to compare existing source code representations and machine learning architectures for vulnerability detection and develop a customizable feature model. At the end of this PhD project, we want to have an easy-to-use vulnerability detection tool based on machine learning on code.
elib-URL des Eintrags: | https://elib.dlr.de/128590/ | ||||||||
---|---|---|---|---|---|---|---|---|---|
Dokumentart: | Konferenzbeitrag (Vortrag) | ||||||||
Titel: | Machine-learning supported vulnerability detection in source code | ||||||||
Autoren: |
| ||||||||
Datum: | August 2019 | ||||||||
Erschienen in: | ESEC/FSE 2019 - Proceedings of the 2019 27th ACM Joint Meeting European Software Engineering Conference and Symposium on the Foundations of Software Engineering | ||||||||
Referierte Publikation: | Ja | ||||||||
Open Access: | Nein | ||||||||
Gold Open Access: | Nein | ||||||||
In SCOPUS: | Ja | ||||||||
In ISI Web of Science: | Nein | ||||||||
DOI: | 10.1145/3338906.3341466 | ||||||||
Seitenbereich: | Seiten 1180-1183 | ||||||||
Verlag: | ACM | ||||||||
ISBN: | 978-145035572-8 | ||||||||
Status: | veröffentlicht | ||||||||
Stichwörter: | machine learning on code, software security, source code analysis, vulnerabilities, vulnerability detection | ||||||||
Veranstaltungstitel: | ESEC/FSE 2019 Proceedings of the 2019 27th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering | ||||||||
Veranstaltungsort: | Tallinn, Estonia | ||||||||
Veranstaltungsart: | internationale Konferenz | ||||||||
Veranstaltungsbeginn: | 26 August 2019 | ||||||||
Veranstaltungsende: | 30 August 2019 | ||||||||
HGF - Forschungsbereich: | Luftfahrt, Raumfahrt und Verkehr | ||||||||
HGF - Programm: | Raumfahrt | ||||||||
HGF - Programmthema: | keine Zuordnung | ||||||||
DLR - Schwerpunkt: | Raumfahrt | ||||||||
DLR - Forschungsgebiet: | R - keine Zuordnung | ||||||||
DLR - Teilgebiet (Projekt, Vorhaben): | R - keine Zuordnung | ||||||||
Standort: | Jena | ||||||||
Institute & Einrichtungen: | Institut für Datenwissenschaften > IT-Sicherheit Institut für Datenwissenschaften > Sichere Digitale Systeme | ||||||||
Hinterlegt von: | Sonnekalb, Tim | ||||||||
Hinterlegt am: | 19 Sep 2019 08:03 | ||||||||
Letzte Änderung: | 24 Apr 2024 20:32 |
Nur für Mitarbeiter des Archivs: Kontrollseite des Eintrags