Automated Software Vulnerability Detection Based on Hybrid Neural Network

Vulnerabilities threaten the security of information systems. It is crucial to detect and patch vulnerabilities before attacks happen. However, existing vulnerability detection methods suffer from long-term dependency, out vocabulary, bias towards global features or local features, coarse granularity. This paper proposes an automatic framework in source code based on a hybrid neural network. First, inputs are transformed into intermediate representation with explicit structure using lower level virtual machine (LLVM IR) backward program slicing. After transformation, size samples vocabulary significantly reduced. A network model then applied extract high-level vulnerability, which learns both convolutional networks (CNNs) recurrent (RNNs). The former learn such as buffer size. Furthermore, latter utilized data dependency. extracted made up concatenated outputs CNN RNN. Experiments performed validate our method. results show that proposed method achieves excellent F1-scores 98.6% accuracy 99.0% SARD dataset. outperforms state-of-the-art methods.