SySeVR: A Framework for Using Deep Learning to Detect Software Vulnerabilities

Citation Author(s):
Zhen Li, Deqing Zou, Shouhuai Xu, Hai Jin, Yawei Zhu, Zhaoxuan Chen, Sujuan Wang, Jialai Wang
Submitted by:
Zhen Li
Last updated:
Thu, 11/08/2018 - 10:34
DOI:
10.21227/fhg0-1b35
License:
941 Views
Citations:
1
Categories:
0
0 ratings - Please login to submit your rating.

Abstract 

We propose a general framework for using deep learning to detect vulnerabilities, named SySeVR. For evaluate the SySeVR, we collect the Semantics-based Vulnerability Candidate (SeVC) dataset, which contains all kinds of vulnerabilities that are available from the National Vulnerability Database (NVD) and the Software Assurance Reference Dataset (SARD).

 

At a high level, the Syntax-based Vulnerability Candidate (SyVC) representation corresponds to a piece of code in a program that may be vulnerable based on a syntax analysis. The SeVC representation corresponds to the extended statements of the SyVCs, with the extension to incorporate some of the other statements that are semantically related to the SyVCs.

 

SeVC dataset focuses on 1,592 open source C/C++ programs from the NVD and 14,000 programs from the SARD. It contains 420,627 SeVCs, including 56,395 vulnerable SeVCs and 364,232 SeVCs that are not vulnerable. Four types of SyVCs are involved.

 

(1) Library/API Function Call : This accommodates the vulnerabilities that are related to library/API function calls.

 

(2) Array Usage: This accommodates the vulnerabilities that are related to arrays (e.g., improper use in array element access, array address arithmetic, address transfer as a function parameter).

 

(3) Pointer Usage: This accommodates the vulnerabilities that are related to pointers (e.g., improper use in pointer arithmetic, reference, address transfer as a function parameter).

 

(4) Arithmetic Expression: This accommodates the vulnerabilities that are related to improper arithmetic expressions (e.g., integer overflow).

Instructions: 

The dataset of SeVCs for each type of SyVCs correspond to a .txt file, named by the type of SyVCs.

The 126 types of vulnerabilities (CWE IDs) and the 811 C/C++ library/API function calls involved in the present dataset are listed in separate .docx files.