A Neural Embedding for Source Code: Security Analysis and CWE Lists

In this paper, we design a technique for mapping the source code into a vector space and we show its application in the recognition of security weaknesses.By applying ideas commonly used in Natural Language Processing, we train a model for producing an embedding of programs starting from their Abstract Syntax Trees. We then show how such embedding is able to infer clusters roughly separating different classes of software weaknesses.Even if the training of the embedding is unsupervised and made on a generic Java dataset, we show that the model can be used for supervised learning of specific classes of vulnerabilities, helping to capture some features distinguishing them in code.Finally, we discuss how our model performs over the different types of vulnerabilities categorized by the CWE initiative.

(2020). A Neural Embedding for Source Code: Security Analysis and CWE Lists . Retrieved from https://hdl.handle.net/10446/265019

A Neural Embedding for Source Code: Security Analysis and CWE Lists

Saletta, Martina;Ferretti, Claudio

2020-01-01

Abstract

In this paper, we design a technique for mapping the source code into a vector space and we show its application in the recognition of security weaknesses.By applying ideas commonly used in Natural Language Processing, we train a model for producing an embedding of programs starting from their Abstract Syntax Trees. We then show how such embedding is able to infer clusters roughly separating different classes of software weaknesses.Even if the training of the embedding is unsupervised and made on a generic Java dataset, we show that the model can be used for supervised learning of specific classes of vulnerabilities, helping to capture some features distinguishing them in code.Finally, we discuss how our model performs over the different types of vulnerabilities categorized by the CWE initiative.

Scheda breve

Scheda completa

Scheda completa (DC)

	Data di pubblicazione
	
				2020
			
	Tutti gli autori
	
						Saletta, Martina; Ferretti, Claudio
					
	Nelle collezioni:
	
				1.4.01 Contributi in atti di convegno - Conference presentations

File allegato/i alla scheda:

File	Dimensione del file	Formato
paper_dasc20.pdf Solo gestori di archivio Versione: postprint - versione referata/accettata senza referaggio Licenza: Licenza default Aisberg Dimensione del file 904.25 kB Formato Adobe PDF Visualizza/Apri	904.25 kB	Adobe PDF	Visualizza/Apri

Pubblicazioni consigliate

Aisberg ©2008 Servizi bibliotecari, Università degli studi di Bergamo | Terms of use/Condizioni di utilizzo

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/10446/265019

Citazioni

4

2

social impact