Software Vulnerability Detection Using Deep Neural Networks: A Survey

The constantly increasing number of disclosed security vulnerabilities have become an important concern in the software industry and in the field of cybersecurity, suggesting that the current approaches for vulnerability detection demand further improvement. The booming of the open-source software c...

Celý popis

Uloženo v:
Podrobná bibliografie
Vydáno v:Proceedings of the IEEE Ročník 108; číslo 10; s. 1825 - 1848
Hlavní autoři: Lin, Guanjun, Wen, Sheng, Han, Qing-Long, Zhang, Jun, Xiang, Yang
Médium: Journal Article
Jazyk:angličtina
Vydáno: New York IEEE 01.10.2020
The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
Témata:
Artificial neural networks
Computer bugs
Computer security
Cybersecurity
Data mining
Deep learning
deep neural network (DNN)
Feature extraction
Literature reviews
Machine learning
machine learning (ML)
Machine translation
Neural networks
Open source software
representation learning
Semantics
Software engineering
Software reliability
software vulnerability
Source code
Speech recognition
ISSN:0018-9219, 1558-2256
On-line přístup:Získat plný text
Tagy: Přidat tag
Žádné tagy, Buďte první, kdo vytvoří štítek k tomuto záznamu!
Abstract The constantly increasing number of disclosed security vulnerabilities have become an important concern in the software industry and in the field of cybersecurity, suggesting that the current approaches for vulnerability detection demand further improvement. The booming of the open-source software community has made vast amounts of software code available, which allows machine learning and data mining techniques to exploit abundant patterns within software code. Particularly, the recent breakthrough application of deep learning to speech recognition and machine translation has demonstrated the great potential of neural models' capability of understanding natural languages. This has motivated researchers in the software engineering and cybersecurity communities to apply deep learning for learning and understanding vulnerable code patterns and semantics indicative of the characteristics of vulnerable code. In this survey, we review the current literature adopting deep-learning-/neural-network-based approaches for detecting software vulnerabilities, aiming at investigating how the state-of-the-art research leverages neural techniques for learning and understanding code semantics to facilitate vulnerability discovery. We also identify the challenges in this new field and share our views of potential research directions.
AbstractList The constantly increasing number of disclosed security vulnerabilities have become an important concern in the software industry and in the field of cybersecurity, suggesting that the current approaches for vulnerability detection demand further improvement. The booming of the open-source software community has made vast amounts of software code available, which allows machine learning and data mining techniques to exploit abundant patterns within software code. Particularly, the recent breakthrough application of deep learning to speech recognition and machine translation has demonstrated the great potential of neural models' capability of understanding natural languages. This has motivated researchers in the software engineering and cybersecurity communities to apply deep learning for learning and understanding vulnerable code patterns and semantics indicative of the characteristics of vulnerable code. In this survey, we review the current literature adopting deep-learning-/neural-network-based approaches for detecting software vulnerabilities, aiming at investigating how the state-of-the-art research leverages neural techniques for learning and understanding code semantics to facilitate vulnerability discovery. We also identify the challenges in this new field and share our views of potential research directions.
Author Wen, Sheng
Han, Qing-Long
Lin, Guanjun
Zhang, Jun
Xiang, Yang
Author_xml – sequence: 1
  givenname: Guanjun
  orcidid: 0000-0003-3280-1307
  surname: Lin
  fullname: Lin, Guanjun
  email: daniellin1986d@gmail.com
  organization: School of Information Engineering, Sanming University, Fujian, Sanming, China
– sequence: 2
  givenname: Sheng
  orcidid: 0000-0003-0655-666X
  surname: Wen
  fullname: Wen, Sheng
  email: swen@swin.edu.au
  organization: School of Software and Electrical Engineering, Swinburne University of Technology, Melbourne, VIC, Australia
– sequence: 3
  givenname: Qing-Long
  orcidid: 0000-0002-7207-0716
  surname: Han
  fullname: Han, Qing-Long
  email: qhan@swin.edu.au
  organization: School of Software and Electrical Engineering, Swinburne University of Technology, Melbourne, VIC, Australia
– sequence: 4
  givenname: Jun
  orcidid: 0000-0002-2189-7801
  surname: Zhang
  fullname: Zhang, Jun
  email: junzhang@swin.edu.au
  organization: School of Software and Electrical Engineering, Swinburne University of Technology, Melbourne, VIC, Australia
– sequence: 5
  givenname: Yang
  orcidid: 0000-0001-5252-0831
  surname: Xiang
  fullname: Xiang, Yang
  email: yxiang@swin.edu.au
  organization: School of Software and Electrical Engineering, Swinburne University of Technology, Melbourne, VIC, Australia
BookMark eNp9kM9LwzAYhoNMcJv-A3opeO5M0qRNvI05fyFOnPMa0vSLZNZ2pqlj_72dGx48eHr54H2-F54B6lV1BQidEjwiBMuL-6fn2WREMcUjKmVCZXKA-oRzEVPK0x7qY0xELCmRR2jQNEuMccLTpI-m89qGtfYQvbZlBV7nrnRhE11BABNcXUWLxlVv3Q2r6BFar8suwrr2781lNI7mrf-CzTE6tLps4GSfQ7S4nr5MbuOH2c3dZPwQGyp5iHPghaA54ywX0nBjLUmNzHBW0FQA0zJlhc6FzvO0IIXR3NpMGpqCLYyEDCdDdL77u_L1ZwtNUMu69VU3qShjGeeMsLRr0V3L-LppPFi18u5D-40iWG11qR9daqtL7XV1kPgDGRf01kDw2pX_o2c71AHA75YkWFCRJN9ktnr8
CODEN IEEPAD
CitedBy_id crossref_primary_10_1002_int_23088
crossref_primary_10_1016_j_jisa_2023_103484
crossref_primary_10_1007_s10586_025_05506_7
crossref_primary_10_1016_j_jisa_2023_103483
crossref_primary_10_1109_TCSS_2022_3227270
crossref_primary_10_1007_s00500_022_07775_5
crossref_primary_10_1007_s10664_023_10405_9
crossref_primary_10_1109_TNSM_2023_3238402
crossref_primary_10_1145_3721977
crossref_primary_10_3390_app13095290
crossref_primary_10_1016_j_cose_2021_102496
crossref_primary_10_1145_3417978
crossref_primary_10_1016_j_jnca_2021_103009
crossref_primary_10_1145_3699711
crossref_primary_10_1007_s10664_022_10244_0
crossref_primary_10_1109_JIOT_2021_3126461
crossref_primary_10_1016_j_adhoc_2023_103247
crossref_primary_10_1016_j_cose_2024_104151
crossref_primary_10_1109_JAS_2022_106058
crossref_primary_10_1155_2021_6220166
crossref_primary_10_1016_j_infsof_2023_107274
crossref_primary_10_1109_TSE_2022_3171202
crossref_primary_10_1145_3664602
crossref_primary_10_1016_j_eswa_2023_120073
crossref_primary_10_1080_09540091_2024_2447373
crossref_primary_10_1109_TDSC_2020_3029845
crossref_primary_10_1016_j_cose_2024_103992
crossref_primary_10_1145_3708522
crossref_primary_10_32604_cmc_2023_040253
crossref_primary_10_1038_s41598_024_63021_y
crossref_primary_10_1007_s10515_024_00413_4
crossref_primary_10_1109_TIFS_2020_3044773
crossref_primary_10_1016_j_sysarc_2021_102240
crossref_primary_10_3390_sym16101381
crossref_primary_10_1016_j_isatra_2023_01_021
crossref_primary_10_1109_ACCESS_2020_3034324
crossref_primary_10_1007_s10489_022_03350_5
crossref_primary_10_1016_j_csi_2023_103825
crossref_primary_10_1109_TII_2025_3534441
crossref_primary_10_1109_JAS_2024_124971
crossref_primary_10_1109_TDSC_2022_3143551
crossref_primary_10_1109_TII_2020_3036166
crossref_primary_10_1109_ACCESS_2022_3191115
crossref_primary_10_32604_cmc_2024_050019
crossref_primary_10_1177_18724981251360514
crossref_primary_10_1109_JAS_2021_1004261
crossref_primary_10_1109_JIOT_2022_3152364
crossref_primary_10_1007_s10207_025_00989_2
crossref_primary_10_1016_j_infsof_2025_107853
crossref_primary_10_1016_j_infsof_2024_107453
crossref_primary_10_3233_IDT_230241
crossref_primary_10_1016_j_asoc_2022_109756
crossref_primary_10_1016_j_procs_2022_04_036
crossref_primary_10_1109_JAS_2022_105860
crossref_primary_10_1016_j_infsof_2023_107371
crossref_primary_10_1109_TII_2022_3223234
crossref_primary_10_1109_JSEN_2023_3301517
crossref_primary_10_1145_3512345
crossref_primary_10_3390_app15126524
crossref_primary_10_1016_j_scico_2022_102810
crossref_primary_10_1109_TSE_2024_3427815
crossref_primary_10_1109_JIOT_2024_3384437
crossref_primary_10_1016_j_ins_2022_04_018
crossref_primary_10_32604_cmc_2023_038878
crossref_primary_10_1002_int_23074
crossref_primary_10_1109_JETCAS_2024_3491169
crossref_primary_10_1145_3750042
crossref_primary_10_1016_j_cose_2024_103787
crossref_primary_10_1016_j_comcom_2021_07_005
crossref_primary_10_1109_ACCESS_2024_3378533
crossref_primary_10_1145_3558001
crossref_primary_10_1016_j_isatra_2023_06_030
crossref_primary_10_1109_JIOT_2024_3460349
crossref_primary_10_1016_j_isatra_2023_06_029
crossref_primary_10_1109_JBHI_2021_3139591
crossref_primary_10_1109_JSYST_2021_3072154
crossref_primary_10_1002_int_22867
crossref_primary_10_1007_s10207_024_00901_4
crossref_primary_10_1002_int_22868
crossref_primary_10_1109_TSE_2024_3423712
crossref_primary_10_1002_int_22884
crossref_primary_10_1016_j_future_2024_04_006
crossref_primary_10_3390_s24206601
crossref_primary_10_1002_smr_2422
crossref_primary_10_1109_JIOT_2022_3142823
crossref_primary_10_1016_j_cose_2023_103138
crossref_primary_10_1109_JIOT_2021_3062626
crossref_primary_10_1016_j_jss_2024_112234
crossref_primary_10_1016_j_jisa_2024_103718
crossref_primary_10_1007_s10586_024_04472_w
crossref_primary_10_1109_ACCESS_2020_3034766
crossref_primary_10_1016_j_infsof_2023_107246
crossref_primary_10_1145_3744709
crossref_primary_10_1080_09540091_2022_2139353
crossref_primary_10_1145_3640333
crossref_primary_10_1002_int_23022
crossref_primary_10_1007_s10515_025_00532_6
crossref_primary_10_1016_j_jisa_2023_103620
crossref_primary_10_1007_s11042_024_19682_y
crossref_primary_10_1016_j_cosrev_2022_100500
crossref_primary_10_1007_s10664_021_10029_x
crossref_primary_10_1007_s00521_024_10797_9
crossref_primary_10_3390_a14110335
crossref_primary_10_1007_s10207_025_00983_8
crossref_primary_10_1007_s10515_024_00464_7
crossref_primary_10_1145_3735554
crossref_primary_10_1016_j_infsof_2023_107219
crossref_primary_10_1109_ACCESS_2024_3396410
crossref_primary_10_1016_j_hcc_2024_100268
crossref_primary_10_1007_s10515_024_00440_1
crossref_primary_10_3390_app12147337
crossref_primary_10_1109_TDSC_2022_3153325
crossref_primary_10_1016_j_jisa_2023_103511
crossref_primary_10_3390_electronics12112495
crossref_primary_10_3390_electronics14050975
crossref_primary_10_1016_j_simpat_2021_102391
crossref_primary_10_1145_3698773
crossref_primary_10_32604_cmc_2023_045522
crossref_primary_10_1016_j_eswa_2023_121865
crossref_primary_10_1016_j_jss_2023_111623
crossref_primary_10_1186_s40537_023_00727_2
crossref_primary_10_1016_j_procs_2023_08_142
crossref_primary_10_1109_TII_2024_3485707
crossref_primary_10_1016_j_jisa_2023_103521
crossref_primary_10_1016_j_infsof_2023_107304
crossref_primary_10_1016_j_jisa_2023_103524
crossref_primary_10_1016_j_ijcip_2022_100540
crossref_primary_10_1016_j_jisa_2024_103925
crossref_primary_10_1145_3728884
crossref_primary_10_1016_j_compeleceng_2022_108308
crossref_primary_10_1109_JIOT_2025_3541090
crossref_primary_10_1145_3694782
crossref_primary_10_1016_j_infsof_2025_107797
crossref_primary_10_1007_s11517_023_02912_0
crossref_primary_10_1016_j_jnca_2022_103370
crossref_primary_10_1109_JIOT_2022_3147186
crossref_primary_10_1016_j_inffus_2024_102748
crossref_primary_10_1109_ACCESS_2021_3072635
crossref_primary_10_1002_int_23013
crossref_primary_10_3390_app14135750
crossref_primary_10_1007_s11235_023_01085_3
crossref_primary_10_1007_s10515_024_00418_z
crossref_primary_10_1016_j_jss_2025_112570
crossref_primary_10_1016_j_cose_2022_102823
crossref_primary_10_3233_JIFS_230009
crossref_primary_10_1016_j_cose_2022_102813
crossref_primary_10_1016_j_jnca_2023_103761
crossref_primary_10_1145_3735968
crossref_primary_10_1016_j_jss_2024_112038
crossref_primary_10_1016_j_comcom_2021_08_002
crossref_primary_10_1016_j_scico_2025_103357
crossref_primary_10_1007_s10489_021_03128_1
crossref_primary_10_1145_3744555
crossref_primary_10_1155_2021_8493795
crossref_primary_10_1002_cpe_8292
crossref_primary_10_1007_s10207_024_00848_6
crossref_primary_10_1109_ACCESS_2023_3296789
crossref_primary_10_3390_electronics12092046
crossref_primary_10_1016_j_eswa_2023_123041
crossref_primary_10_3390_aerospace11060488
crossref_primary_10_1016_j_infsof_2022_106822
crossref_primary_10_1016_j_jisa_2023_103555
crossref_primary_10_1109_JIOT_2022_3196269
crossref_primary_10_1155_2022_7424094
crossref_primary_10_3390_electronics12102258
crossref_primary_10_1002_int_22819
crossref_primary_10_1007_s00521_022_08046_y
crossref_primary_10_1007_s11227_025_07198_7
crossref_primary_10_1016_j_jss_2024_112014
crossref_primary_10_1016_j_isatra_2023_03_034
crossref_primary_10_1155_2023_9970205
crossref_primary_10_3390_s21072456
crossref_primary_10_2478_pomr_2024_0014
crossref_primary_10_1016_j_isatra_2023_04_025
crossref_primary_10_1109_TCSS_2021_3135586
crossref_primary_10_1016_j_isatra_2023_04_022
crossref_primary_10_1016_j_isatra_2023_04_021
crossref_primary_10_1016_j_isatra_2023_04_020
crossref_primary_10_1007_s13042_024_02153_z
crossref_primary_10_1080_09540091_2021_2013443
crossref_primary_10_1016_j_knosys_2025_114146
crossref_primary_10_1016_j_isatra_2023_04_019
crossref_primary_10_1016_j_isatra_2023_04_018
crossref_primary_10_3390_math10234482
crossref_primary_10_1016_j_isatra_2022_12_020
crossref_primary_10_1016_j_jss_2023_111679
crossref_primary_10_1109_TSE_2022_3147265
crossref_primary_10_1016_j_infsof_2024_107458
crossref_primary_10_1109_TIFS_2023_3326985
crossref_primary_10_1145_3664806
crossref_primary_10_1145_3610228
crossref_primary_10_1145_3662184
crossref_primary_10_21822_2073_6185_2025_52_2_98_106
crossref_primary_10_1016_j_isatra_2023_04_010
crossref_primary_10_1007_s10664_022_10276_6
crossref_primary_10_1093_comjnl_bxae041
crossref_primary_10_1002_nem_2198
crossref_primary_10_1145_3705616
crossref_primary_10_3390_app13020825
crossref_primary_10_1016_j_eswa_2025_128431
crossref_primary_10_1016_j_heliyon_2023_e17599
crossref_primary_10_1109_TSUSC_2023_3248965
crossref_primary_10_1002_cpe_70070
crossref_primary_10_1109_TCYB_2022_3164625
crossref_primary_10_1016_j_jisa_2023_103467
crossref_primary_10_1155_2020_8859489
crossref_primary_10_1016_j_cose_2022_103006
crossref_primary_10_1016_j_cose_2021_102308
crossref_primary_10_1109_JAS_2024_125034
crossref_primary_10_3390_s24175465
crossref_primary_10_3390_make6020050
crossref_primary_10_1080_1206212X_2025_2452882
crossref_primary_10_1155_2022_6039690
crossref_primary_10_1109_TIFS_2024_3369479
crossref_primary_10_1007_s00521_024_10892_x
crossref_primary_10_1145_3529757
crossref_primary_10_1016_j_cose_2022_103017
crossref_primary_10_3390_e25060888
crossref_primary_10_1007_s10664_024_10519_8
crossref_primary_10_1145_3436751
crossref_primary_10_1007_s41019_024_00260_z
crossref_primary_10_1093_comjnl_bxac080
crossref_primary_10_1007_s11227_023_05282_4
Cites_doi 10.1145/2420950.2421003
10.1109/TDSC.2019.2942930
10.1109/TII.2018.2821768
10.1109/SP.2018.00003
10.3115/v1/D14-1181
10.1109/ICASSP.2013.6639345
10.1162/neco.1997.9.8.1735
10.1007/s11277-017-5069-3
10.1155/2019/6230953
10.2307/3001968
10.14722/ndss.2018.23158
10.1145/3196398.3196448
10.1109/IWCMC.2019.8766500
10.18653/v1/N18-1202
10.1109/ICSE.2012.6227135
10.1109/MINES.2012.202
10.1145/1218063.1217938
10.1109/SP.2017.62
10.1109/TC.2013.2295802
10.1145/3092566
10.1007/s00165-014-0326-7
10.1145/2810103.2813604
10.1007/s10994-006-6226-1
10.1145/1653662.1653717
10.1109/SP.2012.13
10.1109/COMST.2016.2615098
10.6028/NIST.TN.1995
10.1145/2939672.2939778
10.1007/s10664-011-9190-8
10.1109/TIFS.2019.2932228
10.1145/2884781.2884804
10.1109/MSR.2015.38
10.1007/BF02551274
10.1145/1062455.1062514
10.1145/2187671.2187673
10.1016/j.sysarc.2010.06.003
10.1145/2664243.2664269
10.1145/3133956.3138840
10.1145/3212695
10.1109/TDSC.2014.2373377
10.1016/j.future.2018.04.016
10.1109/ICSE.2013.6606584
10.1109/TPDS.2012.98
10.1145/2746194.2746198
10.1109/TSE.1976.233837
10.3115/v1/D14-1179
10.1109/ICMLA.2018.00120
10.1145/375360.375365
10.1145/1414004.1414065
10.1109/TSE.2014.2340398
10.1109/SP.2014.44
10.1109/SP.2015.54
10.1109/TDSC.2019.2954088
10.3115/v1/P14-2105
10.1109/TCYB.2019.2940940
10.1016/j.asoc.2014.11.023
10.1109/TSE.2010.81
10.6028/jres.123.005
10.1109/COMST.2018.2885561
10.3115/v1/P15-1150
10.1109/CompComm.2017.8322752
10.1145/2857705.2857720
10.1145/1095430.1081755
10.1016/j.infsof.2013.04.002
10.6028/NIST.SP.500-297
10.1145/1287624.1287630
10.1145/2508859.2516665
10.1109/DSC.2016.33
10.1038/nature14539
10.1145/1315245.1315311
10.1109/TKDE.2017.2697856
10.1145/2351676.2351733
10.1145/502059.502041
10.1109/CGO.2004.1281665
10.1109/JPROC.2017.2761740
10.1109/COMST.2018.2800740
10.1016/j.cose.2017.11.013
10.24963/ijcai.2017/214
10.1109/ICMLA.2015.99
10.1007/978-3-319-25159-2_49
ContentType Journal Article
Copyright Copyright The Institute of Electrical and Electronics Engineers, Inc. (IEEE) 2020
Copyright_xml – notice: Copyright The Institute of Electrical and Electronics Engineers, Inc. (IEEE) 2020
DBID 97E
RIA
RIE
AAYXX
CITATION
7SP
8FD
L7M
DOI 10.1109/JPROC.2020.2993293
DatabaseName IEEE All-Society Periodicals Package (ASPP) 2005–Present
IEEE All-Society Periodicals Package (ASPP) 1998–Present
IEEE/IET Electronic Library (IEL) (UW System Shared)
CrossRef
Electronics & Communications Abstracts
Technology Research Database
Advanced Technologies Database with Aerospace
DatabaseTitle CrossRef
Technology Research Database
Advanced Technologies Database with Aerospace
Electronics & Communications Abstracts
DatabaseTitleList
Technology Research Database
Database_xml – sequence: 1
  dbid: RIE
  name: IEEE Electronic Library (IEL)
  url: https://ieeexplore.ieee.org/
  sourceTypes: Publisher
DeliveryMethod fulltext_linktorsrc
Discipline Engineering
EISSN 1558-2256
EndPage 1848
ExternalDocumentID 10_1109_JPROC_2020_2993293
9108283
Genre orig-research
GroupedDBID -DZ
-~X
.DC
0R~
123
1OL
29P
3EH
4.4
6IK
85S
97E
9M8
AAJGR
AAWTH
ABAZT
ABFSI
ABJNI
ABQJQ
ABVLG
ACBEA
ACGFS
AENEX
AETEA
AETIX
AFOGA
AGNAY
AGQYO
AGSQL
AHBIQ
AIBXA
ALLEH
ALMA_UNASSIGNED_HOLDINGS
AZLTO
BEFXN
BFFAM
BGNUA
BKEBE
BPEOZ
CS3
DU5
EBS
EJD
FA8
HZ~
H~9
IAAWW
IBMZZ
ICLAB
IDIHD
IFIPE
IFJZH
IPLJI
JAVBF
LAI
M43
MVM
O9-
OCL
RIA
RIE
RIU
RNS
TAE
TN5
TWZ
UDY
UHB
UKR
UQL
VOH
WHG
XJT
XOL
YNT
ZCA
ZXP
ZY4
~02
AAYXX
CITATION
7SP
8FD
L7M
RIG
ID FETCH-LOGICAL-c295t-be5d82b454b89c5cff16c9707d268e4a964dab8abb6d1dca5ff79c26efdc9e703
IEDL.DBID RIE
ISICitedReferencesCount 302
ISICitedReferencesURI http://www.webofscience.com/api/gateway?GWVersion=2&SrcApp=Summon&SrcAuth=ProQuest&DestLinkType=CitingArticles&DestApp=WOS_CPL&KeyUT=000574742200006&url=https%3A%2F%2Fcvtisr.summon.serialssolutions.com%2F%23%21%2Fsearch%3Fho%3Df%26include.ft.matches%3Dt%26l%3Dnull%26q%3D
ISSN 0018-9219
IngestDate Fri Jul 25 07:53:19 EDT 2025
Tue Nov 18 21:49:15 EST 2025
Sat Nov 29 06:01:43 EST 2025
Wed Aug 27 02:31:55 EDT 2025
IsPeerReviewed true
IsScholarly true
Issue 10
Language English
License https://ieeexplore.ieee.org/Xplorehelp/downloads/license-information/IEEE.html
https://doi.org/10.15223/policy-029
https://doi.org/10.15223/policy-037
LinkModel DirectLink
MergedId FETCHMERGED-LOGICAL-c295t-be5d82b454b89c5cff16c9707d268e4a964dab8abb6d1dca5ff79c26efdc9e703
Notes ObjectType-Article-1
SourceType-Scholarly Journals-1
ObjectType-Feature-2
content type line 14
ORCID 0000-0002-7207-0716
0000-0002-2189-7801
0000-0001-5252-0831
0000-0003-0655-666X
0000-0003-3280-1307
PQID 2447554146
PQPubID 85453
PageCount 24
ParticipantIDs ieee_primary_9108283
proquest_journals_2447554146
crossref_primary_10_1109_JPROC_2020_2993293
crossref_citationtrail_10_1109_JPROC_2020_2993293
PublicationCentury 2000
PublicationDate 2020-10-01
PublicationDateYYYYMMDD 2020-10-01
PublicationDate_xml – month: 10
  year: 2020
  text: 2020-10-01
  day: 01
PublicationDecade 2020
PublicationPlace New York
PublicationPlace_xml – name: New York
PublicationTitle Proceedings of the IEEE
PublicationTitleAbbrev JPROC
PublicationYear 2020
Publisher IEEE
The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
Publisher_xml – name: IEEE
– name: The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
References ref57
ref56
ref59
gal (ref31) 2016
le (ref51) 2014
alon (ref8) 2019; 3
black (ref10) 2006; 500
ref50
ref46
ref45
ramos (ref83) 2015
ref42
ref41
ref44
ref43
bahdanau (ref9) 2014
cao (ref14) 2016
(ref1) 2017
vaswani (ref107) 2017
ref7
ref6
lecun (ref53) 2015; 521
ref101
ref40
ref35
ref30
ref33
ref32
harer (ref38) 2018
gupta (ref36) 2017
chollet (ref19) 2015
ref39
wheeler (ref113) 2016
sukhbaatar (ref100) 2015
(ref4) 2016
ref23
sukhbaatar (ref99) 2015
harer (ref37) 2018
ref25
ref20
kipf (ref48) 2016
ref21
ref28
dam (ref24) 2017
ref27
ref29
weston (ref112) 2014
csáji (ref22) 2001; 24
ramsundar (ref84) 2018
(ref3) 2014
thanassis (ref106) 2011
parr (ref77) 2013
ref12
ref128
ref15
ref126
ref127
ref96
socher (ref97) 2011
(ref5) 2017
ref124
ref11
ref125
ref98
wu (ref118) 2019
ref17
ref18
li (ref55) 2018
cadar (ref13) 2008; 8
ref93
ref92
ref95
ref94
ref91
ref90
lin (ref58) 2019
ref86
ref85
ref88
graves (ref34) 2014
chess (ref16) 2019
(ref2) 2009
ref82
ref81
le (ref52) 2018
devlin (ref26) 2018
ref80
ref79
ref108
ref78
ref109
mikolov (ref67) 2013
sestili (ref89) 2018
ref75
ref104
ref105
ref76
sutton (ref103) 2007
newsome (ref74) 2005
kingma (ref47) 2013
krizhevsky (ref49) 2012
ref71
ref111
ref70
ref73
ref72
ref110
lee (ref54) 2017
ref119
ref117
ref69
ref64
ref115
ref63
ref116
sabottke (ref87) 2015
ref66
ref65
ref114
mikolov (ref68) 2013
sutskever (ref102) 2014
ref60
ref122
ref123
ref62
ref120
ref61
ref121
References_xml – ident: ref120
  doi: 10.1145/2420950.2421003
– start-page: 3111
  year: 2013
  ident: ref68
  article-title: Distributed representations of words and phrases and their compositionality
  publication-title: Proc Adv Neural Inf Process Syst
– ident: ref127
  doi: 10.1109/TDSC.2019.2942930
– year: 2019
  ident: ref16
  publication-title: Rough Auditing Tool for Security
– year: 2014
  ident: ref112
  article-title: Memory networks
  publication-title: arXiv 1410 3916
– year: 2014
  ident: ref3
  publication-title: Shellshock All You Need to Know About the Bash Bug Vulnerability
– ident: ref61
  doi: 10.1109/TII.2018.2821768
– ident: ref109
  doi: 10.1109/SP.2018.00003
– ident: ref46
  doi: 10.3115/v1/D14-1181
– start-page: 1345
  year: 2017
  ident: ref36
  article-title: Deepfix: Fixing common C language errors by deep learning
  publication-title: Proc 31st AAAI Conf Artif Intell
– ident: ref25
  doi: 10.1109/ICASSP.2013.6639345
– year: 2009
  ident: ref2
  publication-title: Securely taking on new executable software of uncertain provenance (STONESOUP)
– ident: ref41
  doi: 10.1162/neco.1997.9.8.1735
– year: 2018
  ident: ref55
  article-title: SySeVR: A framework for using deep learning to detect software vulnerabilities
  publication-title: arXiv 1807 06756
– ident: ref27
  doi: 10.1007/s11277-017-5069-3
– ident: ref30
  doi: 10.1155/2019/6230953
– ident: ref115
  doi: 10.2307/3001968
– ident: ref56
  doi: 10.14722/ndss.2018.23158
– year: 2013
  ident: ref47
  article-title: Auto-encoding variational Bayes
  publication-title: arXiv 1312 6114
– ident: ref28
  doi: 10.1145/3196398.3196448
– year: 2013
  ident: ref67
  article-title: Efficient estimation of word representations in vector space
  publication-title: arXiv 1301 3781 [cs]
– ident: ref98
  doi: 10.1109/IWCMC.2019.8766500
– ident: ref80
  doi: 10.18653/v1/N18-1202
– ident: ref40
  doi: 10.1109/ICSE.2012.6227135
– ident: ref62
  doi: 10.1109/MINES.2012.202
– ident: ref82
  doi: 10.1145/1218063.1217938
– year: 2018
  ident: ref89
  article-title: Towards security defect prediction with AI
  publication-title: arXiv 1808 09897
– ident: ref39
  doi: 10.1109/ICSE.2012.6227135
– ident: ref45
  doi: 10.1109/SP.2017.62
– start-page: 1041
  year: 2015
  ident: ref87
  article-title: Vulnerability disclosure in the age of social media: Exploiting Twitter for predicting real-world exploits
  publication-title: Proc Usenix Secur Symp
– ident: ref111
  doi: 10.1109/TC.2013.2295802
– year: 2016
  ident: ref48
  article-title: Semi-supervised classification with graph convolutional networks
  publication-title: arXiv 1609 02907
– ident: ref33
  doi: 10.1145/3092566
– start-page: 2440
  year: 2015
  ident: ref100
  article-title: End-to-end memory networks
  publication-title: Proc Adv Neural Inf Process Syst
– ident: ref128
  doi: 10.1007/s00165-014-0326-7
– ident: ref79
  doi: 10.1145/2810103.2813604
– year: 2013
  ident: ref77
  publication-title: The Definitive Antlr 4 Reference
– ident: ref32
  doi: 10.1007/s10994-006-6226-1
– year: 2011
  ident: ref106
  article-title: AEG: Automatic exploit generation
  publication-title: Proc Symp Netw Distrib Syst Security
– start-page: 1050
  year: 2016
  ident: ref31
  article-title: Dropout as a Bayesian approximation: Representing model uncertainty in deep learning
  publication-title: Proc Int Conf Mach Learn
– ident: ref66
  doi: 10.1145/1653662.1653717
– ident: ref42
  doi: 10.1109/SP.2012.13
– ident: ref43
  doi: 10.1109/COMST.2016.2615098
– year: 2017
  ident: ref5
  publication-title: Equifax Had Patch 2 Months Before Hack and Didn't Install It Security Group Says
– year: 2016
  ident: ref113
  publication-title: Flawfinder
– year: 2017
  ident: ref24
  article-title: Automatic feature learning for vulnerability prediction
  publication-title: arXiv 1708 02368
– year: 2014
  ident: ref9
  article-title: Neural machine translation by jointly learning to align and translate
  publication-title: arXiv 1409 0473
– start-page: 1188
  year: 2014
  ident: ref51
  article-title: Distributed representations of sentences and documents
  publication-title: Proc Int Conf Mach Learn
– year: 2018
  ident: ref38
  article-title: Automated software vulnerability detection with machine learning
  publication-title: arXiv 1803 04497
– ident: ref12
  doi: 10.6028/NIST.TN.1995
– ident: ref85
  doi: 10.1145/2939672.2939778
– ident: ref96
  doi: 10.1007/s10664-011-9190-8
– year: 2015
  ident: ref99
  article-title: Weakly supervised memory networks
  publication-title: arXiv 1503 08895
– ident: ref15
  doi: 10.1109/TIFS.2019.2932228
– ident: ref110
  doi: 10.1145/2884781.2884804
– ident: ref114
  doi: 10.1109/MSR.2015.38
– start-page: 5998
  year: 2017
  ident: ref107
  article-title: Attention is all you need
  publication-title: Proc Adv Neural Inf Process Syst
– ident: ref23
  doi: 10.1007/BF02551274
– ident: ref70
  doi: 10.1145/1062455.1062514
– ident: ref90
  doi: 10.1145/2187671.2187673
– start-page: 1097
  year: 2012
  ident: ref49
  article-title: Imagenet classification with deep convolutional neural networks
  publication-title: Proc Adv Neural Inf Process Syst
– ident: ref20
  doi: 10.1016/j.sysarc.2010.06.003
– start-page: 219
  year: 2019
  ident: ref58
  article-title: Deep learning-based vulnerable function detection: A benchmark
  publication-title: Proc Int Conf Inf Commun Secur
– start-page: 3
  year: 2005
  ident: ref74
  article-title: Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software
  publication-title: Proc NDSS
– volume: 8
  start-page: 209
  year: 2008
  ident: ref13
  article-title: KLEE: Unassisted and automatic generation of high-coverage tests for complex systems programs
  publication-title: Proc OSDI
– ident: ref81
  doi: 10.1145/2664243.2664269
– year: 2017
  ident: ref1
  publication-title: The Heartbleed Vulnerability
– volume: 3
  start-page: 40
  year: 2019
  ident: ref8
  publication-title: Proc ACM Program Lang POPL
– year: 2014
  ident: ref34
  article-title: Neural turing machines
  publication-title: arXiv 1410 5401
– ident: ref60
  doi: 10.1145/3133956.3138840
– year: 2018
  ident: ref26
  article-title: BERT: Pre-training of deep bidirectional transformers for language understanding
  publication-title: arXiv 1810 04805
– year: 2017
  ident: ref54
  article-title: Learning binary code with deep learning to detect software weakness
  publication-title: Proc KSII 9th Int Conf Internet Symp
– year: 2015
  ident: ref19
  publication-title: Keras
– ident: ref7
  doi: 10.1145/3212695
– ident: ref91
  doi: 10.1109/TDSC.2014.2373377
– ident: ref126
  doi: 10.1016/j.future.2018.04.016
– ident: ref71
  doi: 10.1109/ICSE.2013.6606584
– ident: ref124
  doi: 10.1109/TPDS.2012.98
– ident: ref69
  doi: 10.1145/2746194.2746198
– ident: ref65
  doi: 10.1109/TSE.1976.233837
– ident: ref17
  doi: 10.3115/v1/D14-1179
– ident: ref86
  doi: 10.1109/ICMLA.2018.00120
– ident: ref72
  doi: 10.1145/375360.375365
– year: 2016
  ident: ref4
  publication-title: Rough Auditing Tool for Security (RATS)
– ident: ref95
  doi: 10.1145/1414004.1414065
– start-page: 49
  year: 2015
  ident: ref83
  article-title: Under-constrained symbolic execution: Correctness checking for real code
  publication-title: Proc Usenix Secur Symp
– ident: ref88
  doi: 10.1109/TSE.2014.2340398
– ident: ref108
  doi: 10.1109/SP.2018.00003
– start-page: 1145
  year: 2016
  ident: ref14
  article-title: Deep neural networks for learning graph representations
  publication-title: Proc 13th AAAI Conf Artif Intell
– ident: ref119
  doi: 10.1109/SP.2014.44
– ident: ref121
  doi: 10.1109/SP.2015.54
– ident: ref59
  doi: 10.1109/TDSC.2019.2954088
– ident: ref123
  doi: 10.3115/v1/P14-2105
– ident: ref21
  doi: 10.1109/TCYB.2019.2940940
– ident: ref64
  doi: 10.1016/j.asoc.2014.11.023
– start-page: 129
  year: 2011
  ident: ref97
  article-title: Parsing natural scenes and natural language with recursive neural networks
  publication-title: Proc 28th Int Conf Mach Learn (ICML)
– ident: ref94
  doi: 10.1109/TSE.2010.81
– ident: ref11
  doi: 10.6028/jres.123.005
– year: 2007
  ident: ref103
  publication-title: Fuzzing Brute Force Vulnerability Discovery
– year: 2019
  ident: ref118
  article-title: A comprehensive survey on graph neural networks
  publication-title: arXiv 1901 00596
– volume: 500
  start-page: 2
  year: 2006
  ident: ref10
  article-title: Samate's contribution to information assurance
  publication-title: NIST Special Publication
– ident: ref101
  doi: 10.1109/COMST.2018.2885561
– ident: ref105
  doi: 10.3115/v1/P15-1150
– ident: ref116
  doi: 10.1109/CompComm.2017.8322752
– ident: ref35
  doi: 10.1145/2857705.2857720
– ident: ref57
  doi: 10.1145/1095430.1081755
– ident: ref93
  doi: 10.1016/j.infsof.2013.04.002
– ident: ref75
  doi: 10.6028/NIST.SP.500-297
– ident: ref6
  doi: 10.1145/1287624.1287630
– ident: ref122
  doi: 10.1145/2508859.2516665
– ident: ref44
  doi: 10.1109/DSC.2016.33
– volume: 521
  start-page: 436
  year: 2015
  ident: ref53
  article-title: Deep learning
  publication-title: Nature
  doi: 10.1038/nature14539
– ident: ref73
  doi: 10.1145/1315245.1315311
– year: 2018
  ident: ref52
  article-title: Maximal divergence sequential autoencoder for binary software vulnerability detection
  publication-title: Proc Int Conf Learn Represent (ICLR)ICLR
– ident: ref125
  doi: 10.1109/TKDE.2017.2697856
– ident: ref92
  doi: 10.1145/2351676.2351733
– ident: ref29
  doi: 10.1145/502059.502041
– start-page: 7933
  year: 2018
  ident: ref37
  article-title: Learning to repair software vulnerabilities with generative adversarial networks
  publication-title: Proc Adv Neural Inf Process Syst
– ident: ref50
  doi: 10.1109/CGO.2004.1281665
– ident: ref104
  doi: 10.1109/JPROC.2017.2761740
– volume: 24
  start-page: 7
  year: 2001
  ident: ref22
  article-title: Approximation with artificial neural networks
– ident: ref63
  doi: 10.1109/COMST.2018.2800740
– ident: ref117
  doi: 10.1016/j.cose.2017.11.013
– year: 2018
  ident: ref84
  publication-title: TensorFlow for Deep Learning From Linear Regression to Reinforcement Learning
– ident: ref18
  doi: 10.24963/ijcai.2017/214
– ident: ref76
  doi: 10.1109/ICMLA.2015.99
– start-page: 3104
  year: 2014
  ident: ref102
  article-title: Sequence to sequence learning with neural networks
  publication-title: Proc Adv Neural Inf Process Syst
– ident: ref78
  doi: 10.1007/978-3-319-25159-2_49
SSID ssj0003563
Score 2.6950276
Snippet The constantly increasing number of disclosed security vulnerabilities have become an important concern in the software industry and in the field of...
SourceID proquest
crossref
ieee
SourceType Aggregation Database
Enrichment Source
Index Database
Publisher
StartPage 1825
SubjectTerms Artificial neural networks
Computer bugs
Computer security
Cybersecurity
Data mining
Deep learning
deep neural network (DNN)
Feature extraction
Literature reviews
Machine learning
machine learning (ML)
Machine translation
Neural networks
Open source software
representation learning
Semantics
Software engineering
Software reliability
software vulnerability
Source code
Speech recognition
Title Software Vulnerability Detection Using Deep Neural Networks: A Survey
URI https://ieeexplore.ieee.org/document/9108283
https://www.proquest.com/docview/2447554146
Volume 108
WOSCitedRecordID wos000574742200006&url=https%3A%2F%2Fcvtisr.summon.serialssolutions.com%2F%23%21%2Fsearch%3Fho%3Df%26include.ft.matches%3Dt%26l%3Dnull%26q%3D
hasFullText 1
inHoldings 1
isFullTextHit
isPrint
journalDatabaseRights – providerCode: PRVIEE
  databaseName: IEEE Electronic Library (IEL)
  customDbUrl:
  eissn: 1558-2256
  dateEnd: 99991231
  omitProxy: false
  ssIdentifier: ssj0003563
  issn: 0018-9219
  databaseCode: RIE
  dateStart: 19630101
  isFulltext: true
  titleUrlDefault: https://ieeexplore.ieee.org/
  providerName: IEEE
link http://cvtisr.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwlV1LS8NAEB7a4kEPvqpYX-TgTaPJPpKsN6kWEaliVbyFZHYXhNJKmir99-5u06Aogrck7IbwbWYms5n5PoCjLOaScc39iObMZ0gDXygmfSQoCRGMoOvjfr6N-_3k5UXcN-Ck7oVRSrniM3VqD92_fDnGqd0qOzOhzSQItAnNOI7mvVq116W8Uk0LjQEbM1w0yATi7Ob-4a5rUkESnBrnS4mg34KQU1X54YpdfOmt_e_J1mG1-o70LuYLvwENNdqElS_sgm24GhgX-5EVynueDi25tKuDnXmXqnT1VyPP1QuYc_XmWZIOc7_-vCp8cu5deINp8a5mW_DUu3rsXvuVaoLBV_DSzxWXCckZZ3kikKPWYYQiDmJJokSxTERMZnmS5XkkQ4kZ1zoWSCKlJQplHMA2tEbjkdoBL9NorrJEa0GZ5Y1BhsglDfIEJZWiA-ECxhQrSnGrbDFMXWoRiNRBn1ro0wr6DhzXc97mhBp_jm5bsOuRFc4d2F-sVlrZ3CQllrvQqppHu7_P2oNl4sQs7AbKPrTKYqoOYAnfy9dJcehep096vshe
linkProvider IEEE
linkToHtml http://cvtisr.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwlV1LS8NAEB58gXrwLVar5uBNY9N9JFlvpVaq1lp84S0ks7sglFb6UPz37m7SoiiCtyTsJuHbzEwm-eYbgKM04pJxzf2QZsxnSANfKCZ9JCgJEYygq-N-akXtdvz8LDozcDKthVFKOfKZOrWb7l--7OPYfiqrmNBmEgQ6C_OcMRLk1VpTv0t50TetakzYGOKkRCYQlavO3W3dJIMkODXulxJBv4Uh11flhzN2EeZi9X_3tgYrxZukV8uXfh1mVG8Dlr_oC25C49442fd0oLyncdfKSzsm7Id3rkaOgdXzHGPA7KtXz8p0mPO1c1748MyreffjwZv62ILHi8ZDvekXfRMMwoKP_ExxGZOMcZbFAjlqXQ1RREEkSRgrloqQyTSL0ywLZVViyrWOBJJQaYlCGRewDXO9fk_tgJdqNEdZrLWgzCrHIEPkkgZZjJJKUYLqBMYEC1Fx29uim7jkIhCJgz6x0CcF9CU4ns55zSU1_hy9acGejixwLkF5slpJYXXDhFj1QtvXPNz9fdYhLDYfblpJ67J9vQdL9jo5Ma8Mc6PBWO3DAr6NXoaDA_dofQIQYsuj
openUrl ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.atitle=Software+Vulnerability+Detection+Using+Deep+Neural+Networks%3A+A+Survey&rft.jtitle=Proceedings+of+the+IEEE&rft.au=Lin%2C+Guanjun&rft.au=Wen%2C+Sheng&rft.au=Han%2C+Qing-Long&rft.au=Zhang%2C+Jun&rft.date=2020-10-01&rft.issn=0018-9219&rft.eissn=1558-2256&rft.volume=108&rft.issue=10&rft.spage=1825&rft.epage=1848&rft_id=info:doi/10.1109%2FJPROC.2020.2993293&rft.externalDBID=n%2Fa&rft.externalDocID=10_1109_JPROC_2020_2993293
thumbnail_l http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/lc.gif&issn=0018-9219&client=summon
thumbnail_m http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/mc.gif&issn=0018-9219&client=summon
thumbnail_s http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/sc.gif&issn=0018-9219&client=summon