Leveraging Neural Code Embeddings and Hybrid Static-Dynamic Analysis for Enhanced Vulnerability Detection
Authors : Durga Praveen Deevi and Thanjaivadivel M
Abstract :
Classic code analysis methods are already obsolete when it comes to detecting serious hidden or deeply rooted vulnerabilities. As software complexity keeps growing and cyber-attacks escalate, more sophisticated detection methods are needed. This paper describes a new approach that combines static and dynamic analysis with a convolutional neural network (CNN) and neural code embeddings to enhance vulnerability discovery. The approach transforms source code into two-dimensional images so that the CNN can pick up intricate features that a conventional model would find difficult to analyse. Using both static and dynamic analysis further strengthens the model's ability to discover hidden and less apparent security flaws in the system. Preprocessing tools such as K-Nearest Neighbours (KNN) imputation and Z-score normalization ensure data completeness and improve model reliability: they fill gaps in the data and standardize the input data for fast and consistent training. The proposed model achieves an overall accuracy of 98.5%, well above that of conventional methods. A model of this nature therefore stands to be a useful and efficient approach for modern secure software development pipelines when it proves highest in scalability and detection rate. This deep learning framework thus attests to the efficacy of advanced artificial intelligence in securing software through intelligent, automated code analysis.
Keywords :
Convolutional neural network, software vulnerability detection, automated code analysis, code preprocessing, k-nearest neighbours, hybrid analysis.