VulnMiner: A comprehensive framework for vulnerability collection from C/C++ source code projects

Cited by: 0
Authors
Bhandari, Guru [1]
Gavric, Nikola [1]
Shalaginov, Andrii [1]
Affiliations
[1] Kristiania Univ Coll, Cybersecur Dept, Oslo, Norway
Keywords
Vulnerability extraction tool; Static security analyzers; Vulnerabilities dataset; Source code; Machine learning; C/C++ code;
DOI
10.1016/j.simpa.2024.100713
Chinese Library Classification number
TP31 [Computer software];
Subject classification code
081202 ; 0835 ;
Abstract
The study introduces VulnMiner, a comprehensive framework encompassing a data extraction tool tailored for identifying vulnerabilities in C/C++ source code. Moreover, it unveils an initial release of a vulnerability dataset, curated from prevalent projects and annotated with vulnerable and benign instances. This dataset incorporates projects with vulnerabilities labeled as Common Weakness Enumeration (CWE) categories. The developed open-source extraction tool collects vulnerability data utilizing static security analyzers. The study also fosters the machine learning (ML) and natural language processing (NLP) model's effectiveness in accurately classifying vulnerabilities, evidenced by its identification of numerous weaknesses in open-source projects.
Pages: 4
Related papers
50 in total
  • [11] Keeping C/C++ code scalable
    Rational Software Division, IBM
    Dr Dobb's J, 3 (28-34):
  • [12] Bulletproofing C++ code
    Sokolov, Sergei
    DR DOBBS JOURNAL, 2007, 32 (02): : 37 - 42
  • [13] OPTIMIZING C++ CODE
    BRIGHT, W
    DR DOBBS JOURNAL, 1995, 20 (08): : 88 - 89
  • [14] MegaVul: A C/C++ Vulnerability Dataset with Comprehensive Code Representations
    Ni, Chao
    Shen, Liyu
    Yang, Xiaohu
    Zhu, Yan
    Wang, Shaohua
    2024 IEEE/ACM 21ST INTERNATIONAL CONFERENCE ON MINING SOFTWARE REPOSITORIES, MSR, 2024, : 738 - 742
  • [15] The Impact on Open Source Projects Due to C++ Templates and Lambdas:
    Shaikh, Bushra
    Jagtap, Vandana
    Pujeri, Uma
    Shukla, Ayush
    14th International Conference on Advances in Computing, Control, and Telecommunication Technologies, ACT 2023, 2023, 2023-June : 1530 - 1537
  • [16] Porting C++ code from NT to UNIX
    Frazier, GF
    DR DOBBS JOURNAL, 1999, 24 (04): : 84 - +
  • [17] Ant, Cpptasks, & multiplatform C/C++ projects
    Raner, M
    DR DOBBS JOURNAL, 2003, 28 (09): : 44 - +
  • [18] New standards and source code bundle speed and maintainability with C/C++ graphing libraries
    Porter, Michael L.
    Personal Engineering and Instrumentation News, 1996, 13 (09):
  • [19] Statically testing C++ code
    Milanesi, Carlo
    DR DOBBS JOURNAL, 2008, 33 (02): : 66 - 70
  • [20] Performance testing C++ code
    Hunt, N
    JOURNAL OF OBJECT-ORIENTED PROGRAMMING, 1996, 8 (08): : 22 - 25