
VulnArmor: mitigating software vulnerabilities with code resolution and detection techniques

  • Original Research
  • Journal: International Journal of Information Technology

Abstract

In today's rapidly evolving digital environment, the security and dependability of software applications are crucial. As industries rely increasingly on software, identifying and mitigating vulnerabilities is essential for protecting data, systems, and user trust. With the rise of data-driven methodologies, there is growing interest in applying Artificial Intelligence (AI) and Machine Learning (ML) to software assurance in order to construct trustworthy software systems. This research addresses the need for an automated, end-to-end approach to code resolution and vulnerability detection, providing a robust solution for improving software security and reducing risk. Code resolution is implemented by fine-tuning Large Language Models (LLMs), namely Generative Pre-trained Transformer 2 (GPT-2), the Text-to-Text Transfer Transformer (T5), Bidirectional Encoder Representations from Transformers (BERT), and Large Language Model Meta AI (LLaMA). Vulnerable code detection then evaluates the correctness of the resolved code and identifies any remaining vulnerabilities; this step both validates the efficacy of code resolution and identifies where additional mitigation is required. Among the Deep Learning (DL) detectors evaluated, the top performer, a Convolutional Neural Network (CNN), achieved 93% accuracy.
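The two-stage loop the abstract describes, in which a model proposes a fix and a separate detector re-checks the result before it is accepted, is illustrated below as an added example. It is not VulnArmor's code: in place of the paper's fine-tuned LLMs and CNN it uses a pure-Python bag-of-token logistic regression trained on a small constructed corpus of C snippets, and the "LLM-generated" candidate fixes are hand-written strings. The tokenizer, the corpus, the `verify_fix` acceptance rule and the two hypothetical candidates are all assumptions of this example.

```python
"""Resolve-then-detect loop: an added toy illustration, not VulnArmor's code.

The paper's detector is a CNN trained on real vulnerability corpora; here a
bag-of-token logistic regression (pure Python, no training framework) stands
in for it, and the "LLM-generated" candidate fixes are hand-written strings.
Every snippet below is constructed for this example.
"""
import math
import re
from collections import Counter

# Coarse C tokenizer: identifiers, integer literals, string literals, single symbols.
TOKEN_RE = re.compile(r'[A-Za-z_]\w*|\d+|"[^"]*"|\S')


def tokenize(code):
    return TOKEN_RE.findall(code)


def features(code):
    """Binary presence of token unigrams and bigrams (call-site shapes such as 'strcpy (')."""
    toks = tokenize(code)
    feats = set(toks)
    feats.update(f"{a} {b}" for a, b in zip(toks, toks[1:]))
    return feats


# Constructed training corpus: 1 = vulnerable, 0 = its safe counterpart.
TRAIN = [
    ('char buf[64]; strcpy(buf, input);', 1),
    ('char buf[64]; strncpy(buf, input, sizeof(buf) - 1); buf[63] = 0;', 0),
    ('char name[32]; gets(name);', 1),
    ('char name[32]; fgets(name, sizeof(name), stdin);', 0),
    ('char out[128]; sprintf(out, "%s", user);', 1),
    ('char out[128]; snprintf(out, sizeof(out), "%s", user);', 0),
    ('char dst[16]; strcat(dst, src);', 1),
    ('char dst[16]; strncat(dst, src, sizeof(dst) - strlen(dst) - 1);', 0),
    ('char line[256]; strcpy(line, argv[1]);', 1),
    ('char line[256]; snprintf(line, sizeof(line), "%s", argv[1]);', 0),
    ('char tmp[8]; gets(tmp); printf(tmp);', 1),
    ('char tmp[8]; fgets(tmp, sizeof(tmp), stdin); printf("%s", tmp);', 0),
]


def _sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))


def train(samples=TRAIN, epochs=1000, lr=0.2, l2=1e-3):
    """Full-batch gradient descent on L2-regularised logistic loss; deterministic (zero init)."""
    data = [(features(code), label) for code, label in samples]
    w, b = {}, 0.0
    n = len(data)
    for _ in range(epochs):
        grad_w, grad_b = Counter(), 0.0
        for feats, y in data:
            err = _sigmoid(sum(w.get(f, 0.0) for f in feats) + b) - y
            for f in feats:
                grad_w[f] += err
            grad_b += err
        for f, g in grad_w.items():
            w[f] = w.get(f, 0.0) - lr * (g / n + l2 * w.get(f, 0.0))
        b -= lr * grad_b / n
    return w, b


def score(model, code):
    """Probability that the detector considers `code` vulnerable."""
    w, b = model
    return _sigmoid(sum(w.get(f, 0.0) for f in features(code)) + b)


def verify_fix(model, vulnerable, candidate, threshold=0.5):
    """Second-stage check: accept a candidate resolution only if the detector
    flagged the original and no longer flags the candidate."""
    before, after = score(model, vulnerable), score(model, candidate)
    return {"before": before, "after": after,
            "accepted": before >= threshold and after < threshold}


if __name__ == "__main__":
    model = train()
    original = 'char pw[32]; strcpy(pw, argv[2]);'
    # Two hypothetical LLM outputs: one only enlarges the buffer, one bounds the copy.
    for candidate in ('char pw[64]; strcpy(pw, argv[2]);',
                      'char pw[32]; snprintf(pw, sizeof(pw), "%s", argv[2]);'):
        print(candidate, verify_fix(model, original, candidate))
```

The first candidate shows what the second stage guards against: enlarging the buffer leaves the unbounded strcpy in place, so the detector still flags it and the resolution is rejected, while the bounded snprintf version passes. The toy also shares the limitation of any learned detector: a pattern absent from its training data (for instance memcpy with an attacker-controlled length) would be waved through, which is why the detector's own accuracy has to be measured rather than assumed.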


Figures 1 to 9 and Algorithms 1 to 3 appear in the full text; no captions are reproduced here.


Data availability

The referenced data sets are publicly available and are cited in the paper.


Acknowledgements

The authors are thankful for the support provided by the Centre of Excellence (CoE) in Complex and Nonlinear Dynamical Systems (CNDS) Lab, VJTI.

Author information

Corresponding author

Correspondence to Parul V. Sindhwad.

Rights and permissions

Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.


About this article


Cite this article

Sindhwad, P.V., Ranka, P., Muni, S. et al. VulnArmor: mitigating software vulnerabilities with code resolution and detection techniques. Int. j. inf. tecnol. (2024). https://doi.org/10.1007/s41870-024-01775-4


  • DOI: https://doi.org/10.1007/s41870-024-01775-4
