A Comparison of Different Source Code Representation Methods for Vulnerability Prediction in Python
| Autor: | Péter Hegedűs, Amirreza Bagheri |
|---|---|
| Rok vydání: | 2021 |
| Předmět: |
Source code
Property (programming) Computer science business.industry media_common.quotation_subject Feature vector Software development 020207 software engineering 02 engineering and technology Python (programming language) 16. Peace & justice Machine learning computer.software_genre 0202 electrical engineering electronic engineering information engineering Code (cryptography) 020201 artificial intelligence & image processing Word2vec Artificial intelligence Representation (mathematics) business computer computer.programming_language media_common |
| Zdroj: | Communications in Computer and Information Science ISBN: 9783030853464 QUATIC Communications in Computer and Information Science Communications in Computer and Information Science-Quality of Information and Communications Technology Proceedings of the 14th International Conference on the Quality of Information and Communications Technology (QUATIC 2021) |
| ISSN: | 1865-0929 1865-0937 |
| DOI: | 10.1007/978-3-030-85347-1_20 |
| Popis: | In the age of big data and machine learning, at a time when the techniques and methods of software development are evolving rapidly, a problem has arisen: programmers can no longer detect all the security flaws and vulnerabilities in their code manually. To overcome this problem, developers can now rely on automatic techniques, like machine learning based prediction models, to detect such issues. An inherent property of such approaches is that they work with numeric vectors (i.e., feature vectors) as inputs. Therefore, one needs to transform the source code into such feature vectors, often referred to as code embedding. A popular approach for code embedding is to adapt natural language processing techniques, like text representation, to automatically derive the necessary features from the source code. However, the suitability and comparison of different text representation techniques for solving Software Engineering (SE) problems is rarely studied systematically. In this paper, we present a comparative study on three popular text representation methods, word2vec, fastText, and BERT applied to the SE task of detecting vulnerabilities in Python code. Using a data mining approach, we collected a large volume of Python source code in both vulnerable and fixed forms that we embedded with word2vec, fastText, and BERT to vectors and used a Long Short-Term Memory network to train on them. Using the same LSTM architecture, we could compare the efficiency of the different embeddings in deriving meaningful feature vectors. Our findings show that all the text representation methods are suitable for code representation in this particular task, but the BERT model is the most promising as it is the least time consuming and the LSTM model based on it achieved the best overall accuracy (93.8%) in predicting Python source code vulnerabilities. |
| Databáze: | OpenAIRE |
| Externí odkaz: |
|