Deep Learning Based Vulnerability Detection: Are We There Yet?
نویسندگان
چکیده
Automated detection of software vulnerabilities is a fundamental problem in security. Existing program analysis techniques either suffer from high false positives or negatives. Recent progress Deep Learning (DL) has resulted surge interest applying DL for automated vulnerability detection. Several recent studies have demonstrated promising results achieving an accuracy up to 95 percent at detecting vulnerabilities. In this paper, we ask, “how well do the state-of-the-art DL-based perform real-world prediction scenario?” To our surprise, find that their performance drops by more than 50 percent. A systematic investigation what causes such precipitous drop reveals existing approaches challenges with training data (e.g., duplication, unrealistic distribution vulnerable classes, etc.) and model choices simple token-based models). As result, these often not learn features related actual cause Instead, they unrelated artifacts dataset specific variable/function names, etc.). Leveraging empirical findings, demonstrate how principled approach collection design, based on realistic settings prediction, can lead better solutions. The resulting tools significantly studied baseline—up 33.57 boost precision 128.38 recall compared best performing literature. Overall, paper elucidates systems’ potential issues draws roadmap future research.
منابع مشابه
Ubiquitous E-Learning: Are We There Yet?
The vision of ubiquitous computing suggests the seamless and unobtrusive availability of computer-based services. It is debatable whether e-learning has reached or is soon able to reach such a mature stage. The paper argues that ubiquitous information and communication technology does not constitute in itself a sufficient learning environment for everyone. Instead, it seems to be a long and win...
متن کامل"Are we there yet?".
Changes in laws are reflected – even foreshadowed on occasion – by the field’s scholarship. In the 1980s, there were few who recognized that adults with disabilities were an important resource in the education of students with disabilities or that issues of race and culture had consequence for identifying and delivering services to these children. It is striking that this special issue of the L...
متن کاملAre We There Yet?
Statistical approaches to Artificial Intelligence are behind most success stories of the field in the past decade. The idea of generating non-trivial behaviour by analysing vast amounts of data has enabled recommendation systems, search engines, spam filters, optical character recognition, machine translation and speech recognition, among other things. As we celebrate the spectacular achievemen...
متن کاملAre We There Yet?
Children in the back seat on a long trip are not the only ones asking the question “Are we there yet?” At Murray State University (MSU) and other universities starting new programs, the question becomes one of validation of the program. In the late 90s, MSU, a midsize university, was entrusted with the responsibility of developing a program of distinction with financial support from special sta...
متن کاملAre We There Yet?
've always been an avid traveler and often look forward to planning summer trips to faraway destinations. However , whether by train, plane, or automobile , long-distance travel for the majority of us usually comes with some degree of discomfort—long periods of time sitting in a seat with a limited selection of things to do. Fun traveling companions and a good book can help, but faced with a lo...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
ژورنال
عنوان ژورنال: IEEE Transactions on Software Engineering
سال: 2022
ISSN: ['0098-5589', '1939-3520', '2326-3881']
DOI: https://doi.org/10.1109/tse.2021.3087402