Hanif, Hazim and Nasir, Mohd Hairul Nizam Md. and Ab Razak, Mohd Faizal and Firdaus, Ahmad and Anuar, Nor Badrul (2021) The rise of software vulnerability: Taxonomy of software vulnerabilities detection and machine learning approaches. Journal of Network and Computer Applications, 179. ISSN 1084-8045, DOI https://doi.org/10.1016/j.jnca.2021.103009.
Full text not available from this repository.Abstract
The detection of software vulnerability requires critical attention during the development phase to make it secure and less vulnerable. Vulnerable software always invites hackers to perform malicious activities and disrupt the operation of the software, which leads to millions in financial losses to software companies. In order to reduce the losses, there are many reliable and effective vulnerability detection systems introduced by security communities aiming to detect the software vulnerabilities as early as in the development or testing phases. To summarise the software vulnerability detection system, existing surveys discussed the conventional and data mining approaches. These approaches are widely used and mostly consist of traditional detection techniques. However, they lack discussion on the newly trending machine learning approaches, such as supervised learning and deep learning techniques. Furthermore, existing studies fail to discuss the growing research interest in the software vulnerability detection community throughout the years. With more discussion on this, we can predict and focus on what are the research problems in software vulnerability detection that need to be urgently addressed. Aiming to reduce these gaps, this paper presents the research interests? taxonomy in software vulnerability detection, such as methods, detection, features, code and dataset. The research interest categories exhibit current trends in software vulnerability detection. The analysis shows that there is considerable interest in addressing methods and detection problems, while only a few are interested in code and dataset problems. This indicates that there is still much work to be done in terms of code and dataset problems in the future. Furthermore, this paper extends the machine learning approaches taxonomy, which is used to detect the software vulnerabilities, like supervised learning, semi-supervised learning, ensemble learning and deep learning. Based on the analysis, supervised learning and deep learning approaches are trending in the software vulnerability detection community as these techniques are able to detect vulnerabilities such as buffer overflow, SQL injection and cross-site scripting effectively with a significant detection performance, up to 95% of F1 score. Finally, this paper concludes with several discussions on potential future work in software vulnerability detection in terms of datasets, multi-vulnerabilities detection, transfer learning and real-world applications.
Item Type: | Article |
---|---|
Funders: | University of Malaya Research Grant Programme (UMRG) [RF008D-2018], Ministry of Education, Malaysia [RACER/1/2019/ICT03/UMP/2] |
Uncontrolled Keywords: | Software vulnerability detection; Software security; Computer security; Machine learning; Deep learning |
Subjects: | Q Science > QA Mathematics > QA75 Electronic computers. Computer science Q Science > QA Mathematics > QA76 Computer software |
Divisions: | Faculty of Computer Science & Information Technology > Department of Computer System & Technology |
Depositing User: | Ms Zaharah Ramly |
Date Deposited: | 25 Jul 2022 06:24 |
Last Modified: | 25 Jul 2022 06:24 |
URI: | http://eprints.um.edu.my/id/eprint/28140 |
Actions (login required)
View Item |