Saletta, M., & Ferretti, C. (2020). A Neural Embedding for Source Code: Security Analysis and CWE Lists. Retrieved from https://hdl.handle.net/10446/265019

A Neural Embedding for Source Code: Security Analysis and CWE Lists

Saletta, Martina; Ferretti, Claudio
2020-01-01

Abstract

In this paper, we design a technique for mapping source code into a vector space and show its application to the recognition of security weaknesses. By applying ideas commonly used in Natural Language Processing, we train a model that produces an embedding of programs starting from their Abstract Syntax Trees. We then show how such an embedding is able to infer clusters that roughly separate different classes of software weaknesses. Even though the training of the embedding is unsupervised and performed on a generic Java dataset, we show that the model can be used for supervised learning of specific classes of vulnerabilities, helping to capture some of the features that distinguish them in code. Finally, we discuss how our model performs over the different types of vulnerabilities categorized by the CWE initiative.
Saletta, Martina; Ferretti, Claudio
Files attached to this record:

File: paper_dasc20.pdf
Access: repository administrators only
Version: postprint (refereed/accepted version, without referee reports)
License: Aisberg default license
File size: 904.25 kB
Format: Adobe PDF

Aisberg ©2008 Library Services, University of Bergamo | Terms of use

Use this identifier to cite or link to this item: https://hdl.handle.net/10446/265019

Citations
  • Scopus: 4
  • ISI (Web of Science): 2