Survey of Source Code Bug Detection Based on Deep Learning

Authors: Deng Xiao (邓枭), Ye Wei (叶蔚), Xie Rui (谢睿), Zhang Shikun (张世琨)

About the authors:

Deng Xiao (born 1995), male, Ph.D. candidate; main research interest: automated defect detection. Ye Wei (born 1985), male, Ph.D., associate research professor; main research interests: natural language processing, programming language understanding, software security. Xie Rui (born 1991), male, Ph.D., assistant research professor; main research interests: programming language understanding, automated defect detection. Zhang Shikun (born 1969), male, Ph.D., research professor, doctoral supervisor, CCF senior member; main research interests: knowledge computing, software engineering, software security.

Corresponding author:

Ye Wei, wye@pku.edu.cn

    Abstract:

    Source code bug (vulnerability) detection is the process of determining whether program code exhibits unexpected behavior. It is widely used in software engineering tasks such as software testing and software maintenance, and plays a vital role in software functional assurance and application security. Traditional vulnerability detection research is based on program analysis, which usually requires strong domain knowledge and complex calculation rules and faces the state explosion problem; as a result, detection performance is limited, and there is considerable room for improvement in both false positive and false negative rates. In recent years, the vigorous development of the open source community has accumulated massive amounts of data centered on open source code. In this context, the feature learning capability of deep learning can automatically learn semantically rich code representations, providing a new approach to vulnerability detection. This study collects the latest high-level papers in this field and systematically summarizes and explains current methods from two aspects: vulnerability code datasets and deep learning vulnerability detection models. Finally, it summarizes the main challenges facing research in this field and looks ahead to possible future research directions.

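Cite this article

Deng Xiao, Ye Wei, Xie Rui, Zhang Shikun. Survey of Source Code Bug Detection Based on Deep Learning. Ruan Jian Xue Bao/Journal of Software, 2023, 34(2):625-654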

History
  • Received: 2022-01-05
  • Last revised: 2022-02-27
  • Published online: 2023-02-10
  • Publication date: 2023-02-06