Auto-Detection of Programming Code Vulnerabilities with Natural Language Processing

Author

Yubai Zhang, Illinois State UniversityFollow

Graduation Term

2021

Degree Name

Master of Science (MS)

Department

School of Information Technology: Information Systems

Committee Chair

Shaoen Wu

Abstract

Security vulnerabilities in source code are traditionally detected manually by software developers because there are no effective auto-detection tools. Current vulnerability detection tools require great human effort, and the results have flaws in many ways. However, deep learning models could be a solution to this problem for the following reasons: 1. Deep learning models are relatively accurate for text classification and text summarization for source code. 2. After being deployed on the cloud servers, the efficiency of deep learning based auto-detection could be much higher than human effort. Therefore, we developed two Natural Language Processing(NLP) models: the first one is a text-classification model that takes source code as input and outputs the classification of the security vulnerability of the input. The second one is a text-to-text model that takes source code as input and outputs a completely machine-generated summary about the security vulnerability of the input. Our evaluation shows that both models get impressive results.

Access Type

Thesis-Open Access

Recommended Citation

Zhang, Yubai, "Auto-Detection of Programming Code Vulnerabilities with Natural Language Processing" (2021). Theses and Dissertations. 1509.
https://ir.library.illinoisstate.edu/etd/1509

DOI

https://doi.org/10.30707/ETD2021.20220215070319220232.999972