소프트웨어 보안 취약성 자동 탐지

Software vulnerability refers to the characteristic that software can be exploited by attackers. Unauthorized actions can cause economic loss or damage to human life. Therefore, security vulnerabilities should be managed to prevent a malfunction of a software system. This paper provides a deep learn...

Full description

Saved in:
Bibliographic Details
Published in전기학회 논문지 P권, 70(3) Vol. 70P; no. 3; pp. 157 - 162
Main Authors 김성민(Sung-Min Kim), 김동관(Dong Kwan Kim)
Format Journal Article
LanguageKorean
Published 대한전기학회 01.09.2021
Subjects
전기공학
Common Vulnerabilities and Exposures (CVE)
Code Changes
Security Vulnerability
Deep Learning
Online AccessGet full text
ISSN1229-800X
2586-7792
DOI10.5370/KIEEP.2021.70.3.157

Cover

More Information
Summary:Software vulnerability refers to the characteristic that software can be exploited by attackers. Unauthorized actions can cause economic loss or damage to human life. Therefore, security vulnerabilities should be managed to prevent a malfunction of a software system. This paper provides a deep learning-based system that automatically detects software security vulnerabilities. The proposed detection system builds datasets with vulnerable and non-vulnerable functions for a supervised learning model. These datasets are collected from the CVE databases and GitHub repositories. The automation detection model achieved a high f1-score of 98%. Furthermore, the proposed model showed better classification performance than traditonal machine learning algorithms KCI Citation Count: 0
ISSN:1229-800X
2586-7792
DOI:10.5370/KIEEP.2021.70.3.157