Combinatorial Code Classification & Vulnerability Rating
Autor: | Peter Shaw, Faisal N. Abu-Khzam, Heng Yin, Sheng Yu, Joseph R. Barr, Tyler Thatcher |
---|---|
Rok vydání: | 2020 |
Předmět: |
Source code
Theoretical computer science business.industry Computer science media_common.quotation_subject Deep learning Static program analysis Bluetooth stack Random forest Vertex (geometry) Distance matrix Embedding Artificial intelligence business MathematicsofComputing_DISCRETEMATHEMATICS media_common |
Zdroj: | 2020 Second International Conference on Transdisciplinary AI (TransAI). |
DOI: | 10.1109/transai49837.2020.00017 |
Popis: | Empirical analysis of source code of Android Fluoride Bluetooth stack demonstrates a novel approach of classification of source code and rating for vulnerability. A workflow that combines deep learning and combinatorial techniques with a straightforward random forest regression is presented. Two kinds of embedding are used: code2vec and LSTM, resulting in a distance matrix that is interpreted as a (combinatorial) graph whose vertices represent code components, functions and methods. Cluster Editing is then applied to partition the vertex set of the graph into subsets representing nearly complete subgraphs. Finally, the vectors representing the components are used as features to model the components for vulnerability risk. |
Databáze: | OpenAIRE |
Externí odkaz: |