Automated Vulnerability Detection in Source Code Using Deep Representation Learning

TL;DR

This paper introduces a CNN-based model for detecting bugs in C source code, trained on diverse datasets, achieving high recall and low false positives, thus improving automated vulnerability detection.

Contribution

The work develops a specialized CNN model for C code vulnerability detection, utilizing dual datasets and optimized tokenization, with improved recall and low false positives compared to prior methods.

Findings

Higher recall than previous work on benchmark datasets

Effective detection of real vulnerabilities in complex code

Low false-positive rate in vulnerability identification

Abstract

Each year, software vulnerabilities are discovered, which pose significant risks of exploitation and system compromise. We present a convolutional neural network model that can successfully identify bugs in C code. We trained our model using two complementary datasets: a machine-labeled dataset created by Draper Labs using three static analyzers and the NIST SATE Juliet human-labeled dataset designed for testing static analyzers. In contrast with the work of Russell et al. on these datasets, we focus on C programs, enabling us to specialize and optimize our detection techniques for this language. After removing duplicates from the dataset, we tokenize the input into 91 token categories. The category values are converted to a binary vector to save memory. Our first convolution layer is chosen so that the entire encoding of the token is presented to the filter. We use two convolution and pooling layers followed by two fully connected layers to classify programs into either a common weakness enumeration category or as ``clean.'' We obtain higher recall than prior work by Russell et al. on this dataset when requiring high precision. We also demonstrate on a custom Linux kernel dataset that we are able to find real vulnerabilities in complex code with a low false-positive rate.