Security Vulnerability Detection Using Deep Learning Natural Language Processing
This work addresses the challenge of automated vulnerability detection for software security, but it is incremental, as it applies existing deep learning NLP methods to a new domain.
The paper tackled the problem of detecting security vulnerabilities in software by modeling it as a natural language processing task using source code as text, achieving over 93% accuracy on a dataset of over 100,000 C files with 123 vulnerability types.
Detecting security vulnerabilities in software before they are exploited has been a challenging problem for decades. Traditional code analysis methods have been proposed, but are often ineffective and inefficient. In this work, we model software vulnerability detection as a natural language processing (NLP) problem with source code treated as texts, and address automated software vulnerability detection with recent advanced deep learning NLP models assisted by transfer learning on written English. For training and testing, we have preprocessed the NIST NVD/SARD databases and built a dataset of over 100,000 files in the C programming language with 123 types of vulnerabilities. The extensive experiments generate the best performance of over 93% accuracy in detecting security vulnerabilities.