VulnMiner: A comprehensive framework for vulnerability collection from C/C++ source code projects

被引：0

作者：

Bhandari, Guru ^{[1
]}

Gavric, Nikola ^{[1
]}

Shalaginov, Andrii ^{[1
]}

机构：

[1] Kristiania Univ Coll, Cybersecur Dept, Oslo, Norway

来源：

SOFTWARE IMPACTS | 2024年 / 22卷

关键词：

Vulnerability extraction tool; Static security analyzers; Vulnerabilities dataset; Source code; Machine learning; C/C++ code;

D O I：

10.1016/j.simpa.2024.100713

中图分类号：

TP31 [计算机软件];

学科分类号：

081202 ; 0835 ;

摘要：

The study introduces VulnMiner, a comprehensive framework encompassing a data extraction tool tailored for identifying vulnerabilities in C/C++ source code. Moreover, it unveils an initial release of a vulnerability dataset, curated from prevalent projects and annotated with vulnerable and benign instances. This dataset incorporates projects with vulnerabilities labeled as Common Weakness Enumeration (CWE) categories. The developed open-source extraction tool collects vulnerability data utilizing static security analyzers. The study also fosters the machine learning (ML) and natural language processing (NLP) model's effectiveness in accurately classifying vulnerabilities, evidenced by its identification of numerous weaknesses in open-source projects.

引用

页数：4

共 50 条

[1] A Comparative Study of Static Code Analysis tools for Vulnerability Detection in C/C++ and JAVA Source Code
Kaur, Arvinder
Nayyar, Ruchikaa
Procedia Computer Science, 2020, 171 : 2023 - 2029
[2] Fast analysis of source code in C and C++
V. O. Savitskii
D. V. Sidorov
Programming and Computer Software, 2013, 39 : 49 - 55
[3] Mining design patterns from C++ source code
Balanyi, Z
Ferenc, R
INTERNATIONAL CONFERENCE ON SOFTWARE MAINTENANCE, PROCEEDINGS, 2003, : 305 - 314
[4] ITS4: A static vulnerability scanner for C and C++ code
Viega, J
Bloch, JT
Kohno, Y
McGraw, G
16TH ANNUAL COMPUTER SECURITY APPLICATIONS CONFERENCE, PROCEEDINGS, 2000, : 257 - 267
[5] C++ Source Code Rejuvenation for an Improved Exception Specification
Fulop, Endre
Gyen, Attila
Pataki, Norbert
IPSI BGD TRANSACTIONS ON INTERNET RESEARCH, 2023, 19 (01): : 17 - 22
[6] Writing fuzzy rules directly in a C++ source code
deOliveira, MC
Facury, MAR
FUZZ-IEEE '96 - PROCEEDINGS OF THE FIFTH IEEE INTERNATIONAL CONFERENCE ON FUZZY SYSTEMS, VOLS 1-3, 1996, : 522 - 528
[7] A Framework for Reverse Engineering Large C++ Code Bases
Telea, Alexandru
Byelas, Heorhiy
Voinea, Lucian
ELECTRONIC NOTES IN THEORETICAL COMPUTER SCIENCE, 2009, 233 (0C) : 143 - 159
[8] C++ and garbage collection
Spertus, M
DR DOBBS JOURNAL, 1997, 22 (12): : 36 - &
[9] C++ and garbage collection
Dr Dobb's J Software Tools Prof Program, 12 (36, 38, 40-41):
[10] Keeping C/C++ code scalable
Krauss, KJ
DR DOBBS JOURNAL, 2006, 31 (03): : 28 - +

← 1 2 3 4 5 →