Top

Published in:

2024 | OriginalPaper | Chapter

17. Vulnerability Prediction of Web Applications from Source Code Based on Machine Learning and Deep Learning: Where Are At?

Authors : Mawulikplimi Florent Gnadjro, Samba Diaw

Published in: Mathematics of Computer Science, Cybersecurity and Artificial Intelligence

Publisher: Springer Nature Switzerland

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

This chapter delves into the critical issue of predicting vulnerabilities in web application source code using advanced machine learning and deep learning techniques. It begins by emphasizing the significant growth of web applications and the corresponding increase in software vulnerabilities, which pose severe security threats. The chapter then explores the limitations of traditional static analysis tools and the promising potential of machine learning and deep learning in automating vulnerability detection. It discusses innovative approaches such as using graphical representations of source code and deep learning models to enhance vulnerability prediction accuracy. Additionally, the chapter addresses the challenges and future research directions in this field, including the need for high-quality datasets and effective source code representation. The chapter concludes by highlighting the importance of integrating machine learning models into development tools to enhance vulnerability detection and remediation processes.

AI Generated

This summary of the content was generated with the help of AI.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

previous chapter Implementation of EdDSA in the Ethereum Blockchain

next chapter Business Process Management and Process Mining on the Large: Overview, Challenges, and Research Directions

Raducu, Razvan, Gonzalo Esteban, Francisco J. Rodríguez Lera, and Camino Fernández. 2020. “Collecting Vulnerable Source Code from Open-Source Repositories for Dataset Generation” Applied Sciences 10, no. 4: 1270. https://doi.org/10.3390/app10041270

T. Marjanov, I. Pashchenko, and F. Massacci, “Machine Learning for Source Code Vulnerability Detection: What Works and What Isn’t There Yet,” IEEE Secur Priv, vol. 20, no. 5, pp. 60–76, 2022, doi: https://doi.org/10.1109/MSEC.2022.3176058.

A. Bagheri and P. Hegedűs, “A Comparison of Different Source Code Representation Methods for Vulnerability Prediction in Python,” Aug. 2021, Accessed: Feb. 17, 2024. [Online]. Available: https://doi.org/10.5281/zenodo.4703996

Z. Bilgin, M. A. Ersoy, E. U. Soykan, E. Tomur, P. Comak, and L. Karacay, “Vulnerability Prediction from Source Code Using Machine Learning,” IEEE Access, vol. 8, pp. 150672–150684, 2020, doi: https://doi.org/10.1109/ACCESS.2020.3016774.

Sarker, I.H. Deep Cybersecurity: A Comprehensive Overview from Neural Network and Deep Learning Perspective. SN COMPUT. SCI. 2, 154 (2021). https://doi.org/10.1007/s42979-021-00535-6CrossRef

https://www.vaadata.com/blog/fr/comment-renforcer-la-securite-de-vos-applications-web-pour-contrerles-attaques-les-plus-courantes/

The State of Open-Source Vulnerabilities 2021, https://www.mend.io/wp-content/media/2021/03/Thestate-of-open-source-vulnerabilities-2021-annual-report.pdf, (25 December 2021)

Cho, D. X., Son, V. N., & Duc, D. (2022). Automatically Detect Software Security Vulnerabilities Based on Natural Language Processing Techniques and Machine Learning Algorithms. Journal of ICT Research and Applications, 16(1), 70–87. https://doi.org/10.5614/itbj.ict.res.appl.2022.16.1.5.CrossRef

Dan Goodin, An NSA-derived ransomware worm is shutting down computers worldwide (2017) [cited 21.12.2020]. URL https://arstechnica.com/information-technology/2017/05/an-nsa-derived-ransomware-worm-is-shutting-down-computers-world

10.

F. Yamaguchi, M. Lottmann, K. Rieck, Generalized Vulnerability extrapolation using abstract syntax trees, in: Proceedings of the 28th Annual Computer Security Applications Conference, 2012, pp. 359–368

11.

K. Zhang, W. Wang, H. Zhang, G. Li and Z. Jin, “Learning to Represent Programs with Heterogeneous Graphs,” 2022 IEEE/ACM 30th International Conference on Program Comprehension (ICPC), Pittsburgh, PA, USA, 2022, pp. 378–389, doi: https://doi.org/10.1145/3524610.3527905.

12.

S. Singh, “CyberSecurity (CybSec) Automated Vulnerability Detection in Java Source Code using J-CPG and Graph Neural Network,” 2021.

13.

T. Marjanov, I. Pashchenko, and F. Massacci, “Machine Learning for Source Code Vulnerability Detection: What Works and What Isn’t There Yet,” IEEE Secur Priv, vol. 20, n o5, p. 60–76, 2022, doi: https://doi.org/10.1109/MSEC.2022.3176058

14.

R. Jenni, “Better Code Representation for Machine Learning,” 2022.

15.

Y. Wainakh, M. Rauf, and M. Pradel, “EVALUATING SEMANTIC REPRESENTATIONS OF SOURCE CODE”, Accessed: Sep. 29, 2023. [Online]. Available: https://github.com/sola-st/IdBench

16.

R. Halepmollası, K. Hanifi, R. F. Fouladi, and A. Tosun, “A Comparison of Source Code Representation Methods to Predict Vulnerability Inducing Code Changes,” in International Conference on Evaluation of Novel Approaches to Software Engineering, ENASE - Proceedings, Science and Technology Publications, Lda, 2023, pp. 469–478. doi: https://doi.org/10.5220/0011859300003464.

17.

R. L. Alaoui and E. H. Nfaoui, “Deep Learning for Vulnerability and Attack Detection on Web Applications: A Systematic Literature Review,” Future Internet, vol. 14, n o4. MDPI, 1 avril 2022. doi: https://doi.org/10.3390/fi14040118.

18.

Jabeen, G., Rahim, S., Afzal, W. et al. Machine learning techniques for software vulnerability prediction: a comparative study. Appl Intell 52, 17614–17635 (2022). https://doi.org/10.1007/s10489-022-03350-5CrossRef

19.

G. Bhandari, A. Naseer, and L. Moonen, “CVEfixes: Automated collection of vulnerabilities and their fixes from open-source software,” in PROMISE 2021 - Proceedings of the 17th International Conference on Predictive Models and Data Analytics in Software Engineering, co-located with ESEC/FSE 2021, Association for Computing Machinery, Inc., Aug. 2021, pp. 30–39. doi: https://doi.org/10.1145/3475960.3475985.

20.

D. Grahn and J. Zhang, “An Analysis of C/C++ Datasets for Machine Learning-Assisted Software Vulnerability Detection,” 2021.

21.

Quang-Cuong Bui, Riccardo Scandariato, and Nicolás E. Díaz Ferreyra, “Vul4J,” 2022.

Title: Vulnerability Prediction of Web Applications from Source Code Based on Machine Learning and Deep Learning: Where Are At?
Authors: Mawulikplimi Florent Gnadjro
Samba Diaw
Publisher: Springer Nature Switzerland
Book: Mathematics of Computer Science, Cybersecurity and Artificial Intelligence
Print ISBN: 978-3-031-66221-8

Electronic ISBN: 978-3-031-66222-5

Copyright Year: 2024
DOI: https://doi.org/10.1007/978-3-031-66222-5_17

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"