Automated Vulnerability Detection Using Deep Learning Technique
Guan-Yan Yang, Yi-Heng Ko, Farn Wang, Kuo-Hui Yeh, Haw-Shiang Chang, Hsueh-Yi Chen

TL;DR
This paper presents a deep learning approach using CodeBERT and LSTM to improve the accuracy and scalability of vulnerability detection in Python code, specifically for SQL injection flaws.
Contribution
It introduces a novel deep learning framework combining CodeBERT and LSTM for more effective vulnerability detection compared to traditional static analysis tools.
Findings
Outperforms existing SAST tools in precision, recall, and F1-score.
Demonstrates scalability across multiple programming languages.
Shows significant improvement in detecting SQL injection vulnerabilities.
Abstract
Our work explores the utilization of deep learning, specifically leveraging the CodeBERT model, to enhance code security testing for Python applications by detecting SQL injection vulnerabilities. Unlike traditional security testing methods that may be slow and error-prone, our approach transforms source code into vector representations and trains a Long Short-Term Memory (LSTM) model to identify vulnerable patterns. When compared with existing static application security testing (SAST) tools, our model displays superior performance, achieving higher precision, recall, and F1-score. The study demonstrates that deep learning techniques, particularly with CodeBERT's advanced contextual understanding, can significantly improve vulnerability detection, presenting a scalable methodology applicable to various programming languages and vulnerability types.
Taxonomy
Topics: Network Security and Intrusion Detection
Methods: CodeBERT
