Sonnekalb, Tim (2019) Machine-learning supported vulnerability detection in source code. In: ESEC/FSE 2019 - Proceedings of the 2019 27th ACM Joint Meeting European Software Engineering Conference and Symposium on the Foundations of Software Engineering, pp. 1180-1183. ACM. ESEC/FSE 2019 Proceedings of the 2019 27th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering, 2019-08-26 - 2019-08-30, Tallinn, Estonia. doi: 10.1145/3338906.3341466. ISBN 978-145035572-8.
![]() |
PDF
- Only accessible within DLR
509kB |
Abstract
The awareness of writing secure code rises with the increasing number of attacks and their resultant damage. But often, software developers are no security experts and vulnerabilities arise unconsciously during the development process. They use static analysis tools for bug detection, which often come with a high false positive rate. The developers, therefore, need a lot of resources to mind about all alarms, if they want to consistently take care of the security of their software project. We want to investigate, if machine learning techniques could point the user to the position of a security weak point in the source code with a higher accuracy than ordinary methods with static analysis. For this purpose, we focus on current machine learning on code approaches for our initial studies to evolve an efficient way for finding security-related software bugs. We will create a configuration interface to discover certain vulnerabilities, categorized in CWEs. We want to create a benchmark tool to compare existing source code representations and machine learning architectures for vulnerability detection and develop a customizable feature model. At the end of this PhD project, we want to have an easy-to-use vulnerability detection tool based on machine learning on code.
Item URL in elib: | https://elib.dlr.de/128590/ | ||||||||
---|---|---|---|---|---|---|---|---|---|
Document Type: | Conference or Workshop Item (Speech) | ||||||||
Title: | Machine-learning supported vulnerability detection in source code | ||||||||
Authors: |
| ||||||||
Date: | August 2019 | ||||||||
Journal or Publication Title: | ESEC/FSE 2019 - Proceedings of the 2019 27th ACM Joint Meeting European Software Engineering Conference and Symposium on the Foundations of Software Engineering | ||||||||
Refereed publication: | Yes | ||||||||
Open Access: | No | ||||||||
Gold Open Access: | No | ||||||||
In SCOPUS: | Yes | ||||||||
In ISI Web of Science: | No | ||||||||
DOI: | 10.1145/3338906.3341466 | ||||||||
Page Range: | pp. 1180-1183 | ||||||||
Publisher: | ACM | ||||||||
ISBN: | 978-145035572-8 | ||||||||
Status: | Published | ||||||||
Keywords: | machine learning on code, software security, source code analysis, vulnerabilities, vulnerability detection | ||||||||
Event Title: | ESEC/FSE 2019 Proceedings of the 2019 27th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering | ||||||||
Event Location: | Tallinn, Estonia | ||||||||
Event Type: | international Conference | ||||||||
Event Start Date: | 26 August 2019 | ||||||||
Event End Date: | 30 August 2019 | ||||||||
HGF - Research field: | Aeronautics, Space and Transport | ||||||||
HGF - Program: | Space | ||||||||
HGF - Program Themes: | other | ||||||||
DLR - Research area: | Raumfahrt | ||||||||
DLR - Program: | R - no assignment | ||||||||
DLR - Research theme (Project): | R - no assignment | ||||||||
Location: | Jena | ||||||||
Institutes and Institutions: | Institute of Data Science > IT-Security Institute of Data Science > Secure Digital Systems | ||||||||
Deposited By: | Sonnekalb, Tim | ||||||||
Deposited On: | 19 Sep 2019 08:03 | ||||||||
Last Modified: | 24 Apr 2024 20:32 |
Repository Staff Only: item control page