elib
DLR-Header
DLR-Logo -> http://www.dlr.de
DLR Portal Home | Imprint | Privacy Policy | Contact | Deutsch
Fontsize: [-] Text [+]

Machine-learning supported vulnerability detection in source code

Sonnekalb, Tim (2019) Machine-learning supported vulnerability detection in source code. In: ESEC/FSE 2019 - Proceedings of the 2019 27th ACM Joint Meeting European Software Engineering Conference and Symposium on the Foundations of Software Engineering, pp. 1180-1183. ACM. ESEC/FSE 2019 Proceedings of the 2019 27th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering, August 26 - 30, 2019, Tallinn, Estonia. DOI: 10.1145/3338906.3341466 ISBN 978-145035572-8

[img] PDF - Registered users only
509kB

Abstract

The awareness of writing secure code rises with the increasing number of attacks and their resultant damage. But often, software developers are no security experts and vulnerabilities arise unconsciously during the development process. They use static analysis tools for bug detection, which often come with a high false positive rate. The developers, therefore, need a lot of resources to mind about all alarms, if they want to consistently take care of the security of their software project. We want to investigate, if machine learning techniques could point the user to the position of a security weak point in the source code with a higher accuracy than ordinary methods with static analysis. For this purpose, we focus on current machine learning on code approaches for our initial studies to evolve an efficient way for finding security-related software bugs. We will create a configuration interface to discover certain vulnerabilities, categorized in CWEs. We want to create a benchmark tool to compare existing source code representations and machine learning architectures for vulnerability detection and develop a customizable feature model. At the end of this PhD project, we want to have an easy-to-use vulnerability detection tool based on machine learning on code.

Item URL in elib:https://elib.dlr.de/128590/
Document Type:Conference or Workshop Item (Speech)
Title:Machine-learning supported vulnerability detection in source code
Authors:
AuthorsInstitution or Email of AuthorsAuthors ORCID iD
Sonnekalb, TimTim.Sonnekalb (at) dlr.dehttps://orcid.org/0000-0002-0067-1790
Date:August 2019
Journal or Publication Title:ESEC/FSE 2019 - Proceedings of the 2019 27th ACM Joint Meeting European Software Engineering Conference and Symposium on the Foundations of Software Engineering
Refereed publication:Yes
Open Access:No
Gold Open Access:No
In SCOPUS:Yes
In ISI Web of Science:No
DOI :10.1145/3338906.3341466
Page Range:pp. 1180-1183
Publisher:ACM
ISBN:978-145035572-8
Status:Published
Keywords:machine learning on code, software security, source code analysis, vulnerabilities, vulnerability detection
Event Title:ESEC/FSE 2019 Proceedings of the 2019 27th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering
Event Location:Tallinn, Estonia
Event Type:international Conference
Event Dates:August 26 - 30, 2019
HGF - Research field:Aeronautics, Space and Transport
HGF - Program:Space
HGF - Program Themes:other
DLR - Research area:Raumfahrt
DLR - Program:R - no assignment
DLR - Research theme (Project):R - no assignment
Location: Jena
Institutes and Institutions:Institute of Data Science > IT-Security
Deposited By: Sonnekalb, Tim
Deposited On:19 Sep 2019 08:03
Last Modified:07 Oct 2019 08:08

Repository Staff Only: item control page

Browse
Search
Help & Contact
Information
electronic library is running on EPrints 3.3.12
Copyright © 2008-2017 German Aerospace Center (DLR). All rights reserved.