
Unglitching the system: Advancement in predicting software vulnerabilities


Software vulnerabilities are prevalent across all systems that are built using source code, causing a variety of problems including deadlock, hacking or even system failures. Thus, early prediction of vulnerabilities is critical for securing software systems.

To help combat this, Faculty of Information Technology experts developed the LineVul approach and found it increased accuracy in predicting software vulnerabilities by more than 300% while spending only half the usual amount of time and effort, when compared to current best-in-class prediction tools.

LineVul is also able to guard against the top 25 most dangerous and common weaknesses in source code, and can be applied broadly to strengthen cybersecurity across any application built with source code.

Research co-author Dr. Chakkrit Tantithamthavorn, from the Faculty of Information Technology (IT), said standard software programs contain millions to billions of lines of code and it often takes a significant amount of time to identify and rectify vulnerabilities.

“Current state-of-the-art machine learning-based vulnerability prediction tools are still inaccurate and are only able to identify general areas of weakness in the source code,” Dr. Tantithamthavorn said.

“With the proposed LineVul approach we are not only able to predict the most critical areas of vulnerability but also are able to specifically identify the location of vulnerabilities down to the exact line of code.”

Research co-author Ph.D. candidate Michael Fu said the LineVul approach was tested against large-scale real-world datasets with more than 188 thousand lines of software code.

“Software developers normally spend a substantial amount of time trying to identify vulnerabilities in code either during the development process or after the program has been implemented. The existence of vulnerabilities, especially after the implementation of the program, can potentially expose software systems to dangerous cyberattacks.

“The LineVul approach can be broadly applied across any software system to strengthen applications against cyberattacks and can be a significant tool for developers especially in safety-critical areas like software used by the Australian government, defense, finance sectors etc.”

Future research building on the LineVul approach includes the development of new methods to automatically suggest corrections for vulnerabilities in software code.




More information:
LineVul: A Transformer-based Line-Level Vulnerability Prediction. www.researchgate.net/publicati … erability_Prediction

Provided by
Monash University


Citation:
Unglitching the system: Advancement in predicting software vulnerabilities (2022, May 19)
retrieved 20 May 2022
from https://techxplore.com/news/2022-05-unglitching-advancement-software-vulnerabilities.html
