Abstract
In today's swiftly evolving digital environment, the security and dependability of software applications are crucial. As industries rely increasingly on software, identifying and mitigating vulnerabilities is essential for protecting data, systems, and user trust. With the rise of data-driven methodologies, there is growing interest in applying Artificial Intelligence (AI) and Machine Learning (ML) to software assurance in order to construct trustworthy software systems. This research addresses the urgent need for an automated and comprehensive approach to code resolution and vulnerability detection, providing a robust solution that improves software security and reduces potential risks. First, code resolution is implemented by fine-tuning Large Language Models (LLMs) such as Generative Pre-Trained Transformer 2 (GPT-2), Text-to-Text Transfer Transformer (T5), Bidirectional Encoder Representations from Transformers (BERT), and Large Language Model Meta AI (LLaMA). Second, vulnerable code detection plays a crucial role in evaluating the correctness of the resolved code and identifying any remaining vulnerabilities. This step not only validates the efficacy of code resolution but also identifies areas where additional mitigation is required. Among the Deep Learning (DL) models evaluated, the top performer of the study, a Convolutional Neural Network (CNN), achieved a 93% accuracy rate, demonstrating its effectiveness in protecting software applications against potential attacks.
Data availability
The referred data sets are available in the public domain and are cited.
Acknowledgements
The authors are thankful for the support provided by the Centre of Excellence (CoE) in Complex and Nonlinear Dynamical Systems (CNDS) Lab, VJTI.
About this article
Cite this article
Sindhwad, P.V., Ranka, P., Muni, S. et al. VulnArmor: mitigating software vulnerabilities with code resolution and detection techniques. Int. j. inf. tecnol. (2024). https://doi.org/10.1007/s41870-024-01775-4