Deep security analysis of program code - A systematic literature review (ICPC 2022 - Journal First)

Who

Tim Sonnekalb, Thomas S. Heinze, Patrick Mäder

Track

ICPC 2022 Journal First

Time Zone

The program is currently displayed in (GMT-04:00) Eastern Time (US & Canada).

Use conference time zone: (GMT-04:00) Eastern Time (US & Canada)Select other time zone

The GMT offsets shown reflect the offsets at the moment of the conference.

Time Band

By setting a time band, the program will dim events that are outside this time window. This is useful for (virtual) conferences with a continuous program (with repeated sessions).
The time band will also limit the events that are included in the personal iCalendar subscription service.

Display full programSpecify a time band

Save

When

Mon 16 May 2022 08:14 - 08:21 at ICPC room - Session 5: Security Chair(s): Na Meng

Abstract

Due to the continuous digitalization of our society, distributed and web-based applications become omnipresent and making them more secure gains paramount relevance. Deep learning (DL) and its representation learning approach are increasingly been proposed for program code analysis potentially providing a powerful means in making software systems less vulnerable. This systematic literature review (SLR) is aiming for a thorough analysis and comparison of 32 primary studies on DL-based vulnerability analysis of program code. We found a rich variety of proposed analysis approaches, code embeddings and network topologies. We discuss these techniques and alternatives in detail. By compiling commonalities and differences in the approaches, we identify the current state of research in this area and discuss future directions. We also provide an overview of publicly available datasets in order to foster a stronger benchmarking of approaches. This SLR provides an overview and starting point for researchers interested in deep vulnerability analysis on program code.

Link to Preprint

https://link.springer.com/article/10.1007/s10664-021-10029-x

Tim Sonnekalb

Thomas S. Heinze

Aarhus University, Denmark

Patrick Mäder

Technische Universität Ilmenau

Germany

Time Zone

The program is currently displayed in (GMT-04:00) Eastern Time (US & Canada).

Use conference time zone: (GMT-04:00) Eastern Time (US & Canada)Select other time zone

The GMT offsets shown reflect the offsets at the moment of the conference.

Time Band

Display full programSpecify a time band

Save

Session Program

Mon 16 May
Displayed time zone: Eastern Time (US & Canada) change

08:00 - 08:30	Session 5: SecurityResearch / Journal First at ICPC room Chair(s): Na Meng Virginia Tech

08:00 7m Talk		Automated Identification of Libraries from Vulnerability Data: Can We Do Better? Research Stefanus Agus Haryono Singapore Management University, Hong Jin Kang Singapore Management University, Abhishek Sharma Veracode, Inc., Asankhaya Sharma Veracode, Inc., Andrew Santosa Veracode, Inc., Ang Ming Yi Veracode, Inc., David Lo Singapore Management University Pre-print Media Attached
08:07 7m Talk		Example-Based Vulnerability Detection and Repair in Java Code Research Ying Zhang Virginia Tech, USA, Ya Xiao Virginia Tech, Md Mahir Asef Kabir Department of Computer Science, Virginia Tech, Daphne Yao Virginia Tech, Na Meng Virginia Tech Media Attached
08:14 7m Talk		Deep security analysis of program code - A systematic literature review Journal First Tim Sonnekalb , Thomas S. Heinze Aarhus University, Denmark, Patrick Mäder Technische Universität Ilmenau Pre-print
08:21 9m Live Q&A		Q&A-Paper Session 5 Research

Information for Participants

Mon 16 May 2022 08:00 - 08:30 at ICPC room - Session 5: Security Chair(s): Na Meng

Info for room ICPC room:

Click here to go to the room on Midspace