VulnMiner: A comprehensive framework for vulnerability collection from C/C++ source code projects

Citations: 0
Authors
Bhandari, Guru [1]
Gavric, Nikola [1]
Shalaginov, Andrii [1]
Affiliations
[1] Kristiania Univ Coll, Cybersecur Dept, Oslo, Norway
Keywords
Vulnerability extraction tool; Static security analyzers; Vulnerabilities dataset; Source code; Machine learning; C/C++ code;
DOI
10.1016/j.simpa.2024.100713
Chinese Library Classification
TP31 [Computer Software];
Discipline classification code
081202 ; 0835 ;
Abstract
The study introduces VulnMiner, a comprehensive framework encompassing a data extraction tool tailored for identifying vulnerabilities in C/C++ source code. Moreover, it unveils an initial release of a vulnerability dataset, curated from prevalent projects and annotated with vulnerable and benign instances. This dataset incorporates projects with vulnerabilities labeled as Common Weakness Enumeration (CWE) categories. The developed open-source extraction tool collects vulnerability data utilizing static security analyzers. The study also fosters the machine learning (ML) and natural language processing (NLP) model's effectiveness in accurately classifying vulnerabilities, evidenced by its identification of numerous weaknesses in open-source projects.
Pages: 4