SySeVR: A Framework for Using Deep Learning to Detect Software Vulnerabilities

SySeVR: A Framework for Using Deep Learning to Detect Software Vulnerabilities

Citation Author(s):
Zhen Li, Deqing Zou, Shouhuai Xu, Hai Jin, Yawei Zhu, Zhaoxuan Chen, Sujuan Wang, Jialai Wang
Submitted by:
Zhen Li
Last updated:
Thu, 11/08/2018 - 10:34
DOI:
10.21227/fhg0-1b35
License:
Dataset Views:
196
Share / Embed Cite

CATEGORIES

Abstract: 

We propose a general framework for using deep learning to detect vulnerabilities, named SySeVR. For evaluate the SySeVR, we collect the Semantics-based Vulnerability Candidate (SeVC) dataset, which contains all kinds of vulnerabilities that are available from the National Vulnerability Database (NVD) and the Software Assurance Reference Dataset (SARD).

 

At a high level, the Syntax-based Vulnerability Candidate (SyVC) representation corresponds to a piece of code in a program that may be vulnerable based on a syntax analysis. The SeVC representation corresponds to the extended statements of the SyVCs, with the extension to incorporate some of the other statements that are semantically related to the SyVCs.

 

SeVC dataset focuses on 1,592 open source C/C++ programs from the NVD and 14,000 programs from the SARD. It contains 420,627 SeVCs, including 56,395 vulnerable SeVCs and 364,232 SeVCs that are not vulnerable. Four types of SyVCs are involved.

 

(1) Library/API Function Call : This accommodates the vulnerabilities that are related to library/API function calls.

 

(2) Array Usage: This accommodates the vulnerabilities that are related to arrays (e.g., improper use in array element access, array address arithmetic, address transfer as a function parameter).

 

(3) Pointer Usage: This accommodates the vulnerabilities that are related to pointers (e.g., improper use in pointer arithmetic, reference, address transfer as a function parameter).

 

(4) Arithmetic Expression: This accommodates the vulnerabilities that are related to improper arithmetic expressions (e.g., integer overflow).

Instructions: 

The dataset of SeVCs for each type of SyVCs correspond to a .txt file, named by the type of SyVCs.

The 126 types of vulnerabilities (CWE IDs) and the 811 C/C++ library/API function calls involved in the present dataset are listed in separate .docx files.

Dataset Files

You must be an IEEE Dataport Subscriber to access these files. Login or subscribe now. Sign up to be a Beta Tester and receive a coupon code for a free subscription to IEEE DataPort!

Embed this dataset on another website

Copy and paste the HTML code below to embed your dataset:

Share via email or social media

Click the buttons below:

facebooktwittermailshare
[1] Zhen Li, Deqing Zou, Shouhuai Xu, Hai Jin, Yawei Zhu, Zhaoxuan Chen, Sujuan Wang, Jialai Wang, "SySeVR: A Framework for Using Deep Learning to Detect Software Vulnerabilities", IEEE Dataport, 2018. [Online]. Available: http://dx.doi.org/10.21227/fhg0-1b35. Accessed: Aug. 24, 2019.
@data{fhg0-1b35-18,
doi = {10.21227/fhg0-1b35},
url = {http://dx.doi.org/10.21227/fhg0-1b35},
author = {Zhen Li; Deqing Zou; Shouhuai Xu; Hai Jin; Yawei Zhu; Zhaoxuan Chen; Sujuan Wang; Jialai Wang },
publisher = {IEEE Dataport},
title = {SySeVR: A Framework for Using Deep Learning to Detect Software Vulnerabilities},
year = {2018} }
TY - DATA
T1 - SySeVR: A Framework for Using Deep Learning to Detect Software Vulnerabilities
AU - Zhen Li; Deqing Zou; Shouhuai Xu; Hai Jin; Yawei Zhu; Zhaoxuan Chen; Sujuan Wang; Jialai Wang
PY - 2018
PB - IEEE Dataport
UR - 10.21227/fhg0-1b35
ER -
Zhen Li, Deqing Zou, Shouhuai Xu, Hai Jin, Yawei Zhu, Zhaoxuan Chen, Sujuan Wang, Jialai Wang. (2018). SySeVR: A Framework for Using Deep Learning to Detect Software Vulnerabilities. IEEE Dataport. http://dx.doi.org/10.21227/fhg0-1b35
Zhen Li, Deqing Zou, Shouhuai Xu, Hai Jin, Yawei Zhu, Zhaoxuan Chen, Sujuan Wang, Jialai Wang, 2018. SySeVR: A Framework for Using Deep Learning to Detect Software Vulnerabilities. Available at: http://dx.doi.org/10.21227/fhg0-1b35.
Zhen Li, Deqing Zou, Shouhuai Xu, Hai Jin, Yawei Zhu, Zhaoxuan Chen, Sujuan Wang, Jialai Wang. (2018). "SySeVR: A Framework for Using Deep Learning to Detect Software Vulnerabilities." Web.
1. Zhen Li, Deqing Zou, Shouhuai Xu, Hai Jin, Yawei Zhu, Zhaoxuan Chen, Sujuan Wang, Jialai Wang. SySeVR: A Framework for Using Deep Learning to Detect Software Vulnerabilities [Internet]. IEEE Dataport; 2018. Available from : http://dx.doi.org/10.21227/fhg0-1b35
Zhen Li, Deqing Zou, Shouhuai Xu, Hai Jin, Yawei Zhu, Zhaoxuan Chen, Sujuan Wang, Jialai Wang. "SySeVR: A Framework for Using Deep Learning to Detect Software Vulnerabilities." doi: 10.21227/fhg0-1b35