VUDENC: Vulnerability Detection with Deep Learning on a Natural Codebase for Python

Identifying potential vulnerable code is important to improve the security of our software systems. However, manual detection vulnerabilities requires expert knowledge and time-consuming, must be supported by automated techniques. Such vulnerability techniques should achieve a high accuracy, point developers directly fragments, scale real-world software, generalize across boundaries specific project, require no or only moderate setup configuration effort. In this article, we present Vudenc (Vulnerability Detection with Deep Learning on Natural Codebase), deep learning-based tool that automatically learns features from large Python codebase. applies word2vec model identify semantically similar tokens provide vector representation. A network long-short-term memory cells (LSTM) then used classify token sequences at fine-grained level, highlight areas in source are likely contain vulnerabilities, confidence levels for its predictions. To evaluate Vudenc, 1,009 vulnerability-fixing commits different GitHub repositories seven types (SQL injection, XSS, Command XSRF, Remote execution, Path disclosure, Open redirect) training. experimental evaluation, achieves recall 78%–87%, precision 82%–96%, an F1 score 80%–90%. Vudenc’s code, datasets corpus available reproduction. Our results suggest capable outperforming most competitors terms vulnerably capabilities software. Comparable accuracy was achieved synthetic benchmarks, within single projects, much coarser level granularity such as entire files.