Combinatorial Code Classification & Vulnerability Rating

Autor: Peter Shaw, Faisal N. Abu-Khzam, Heng Yin, Sheng Yu, Joseph R. Barr, Tyler Thatcher
Rok vydání: 2020
Předmět:
Zdroj: 2020 Second International Conference on Transdisciplinary AI (TransAI).
DOI: 10.1109/transai49837.2020.00017
Popis: Empirical analysis of source code of Android Fluoride Bluetooth stack demonstrates a novel approach of classification of source code and rating for vulnerability. A workflow that combines deep learning and combinatorial techniques with a straightforward random forest regression is presented. Two kinds of embedding are used: code2vec and LSTM, resulting in a distance matrix that is interpreted as a (combinatorial) graph whose vertices represent code components, functions and methods. Cluster Editing is then applied to partition the vertex set of the graph into subsets representing nearly complete subgraphs. Finally, the vectors representing the components are used as features to model the components for vulnerability risk.
Databáze: OpenAIRE