VulDeBERT: A Vulnerability Detection System Using BERT

Soolin Kim; Jusop Choi; Muhammad Ejaz Ahmed; Surya Nepal; Hyoungshick Kim

doi:10.1109/ISSREW55968.2022.00042

VulDeBERT: A Vulnerability Detection System Using BERT

Soolin Kim, Jusop Choi, Muhammad Ejaz Ahmed, Surya Nepal, Hyoungshick Kim

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

43 Scopus citations

Abstract

Deep learning technologies recently received much attention to detect vulnerable code patterns accurately. This paper proposes a new deep learning-based vulnerability detection tool dubbed VulDeBERT by fine-tuning a pre-trained language model, Bidirectional Encoder Representations from Transformers (BERT), on the vulnerable code dataset. To support VulDeBERT, we develop a new code analysis tool to extract well-represented abstract code fragments from C and C++ source code. The experimental results show that VulDeBERT outperforms the state-of-the-art tool, VulDeePecker [1] for two security vul- nerability types (CWE-119 and CWE-399). For the CWE-119 dataset, VulDeBERT achieved an Fl score of 94.6 %, which is significantly better than VulDeePecker, achieving an Fl score of 86.6 % in the same settings. Again, for the CWE-399 dataset, VulDeBERT achieved an Fl score of 97.9 %, which is also better than VulDeePecker, achieving an Fl score of 95 % in the same settings.

Original language	English
Title of host publication	Proceedings - 2022 IEEE International Symposium on Software Reliability Engineering Workshops, ISSREW 2022
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	69-74
Number of pages	6
ISBN (Electronic)	9781665476799
DOIs	https://doi.org/10.1109/ISSREW55968.2022.00042
State	Published - 2022
Externally published	Yes
Event	33rd IEEE International Symposium on Software Reliability Engineering Workshops, ISSREW 2022 - Virtual, Online, United States Duration: 31 Oct 2022 → 3 Nov 2022

Publication series

Name	Proceedings - 2022 IEEE International Symposium on Software Reliability Engineering Workshops, ISSREW 2022

Conference

Conference	33rd IEEE International Symposium on Software Reliability Engineering Workshops, ISSREW 2022
Country/Territory	United States
City	Virtual, Online
Period	31/10/22 → 3/11/22

Keywords

Code Gadget
Vulnerability Detection

Access to Document

10.1109/ISSREW55968.2022.00042

Cite this

Kim, S., Choi, J., Ahmed, M. E., Nepal, S., & Kim, H. (2022). VulDeBERT: A Vulnerability Detection System Using BERT. In Proceedings - 2022 IEEE International Symposium on Software Reliability Engineering Workshops, ISSREW 2022 (pp. 69-74). (Proceedings - 2022 IEEE International Symposium on Software Reliability Engineering Workshops, ISSREW 2022). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/ISSREW55968.2022.00042

Kim, Soolin ; Choi, Jusop ; Ahmed, Muhammad Ejaz et al. / VulDeBERT : A Vulnerability Detection System Using BERT. Proceedings - 2022 IEEE International Symposium on Software Reliability Engineering Workshops, ISSREW 2022. Institute of Electrical and Electronics Engineers Inc., 2022. pp. 69-74 (Proceedings - 2022 IEEE International Symposium on Software Reliability Engineering Workshops, ISSREW 2022).

@inproceedings{b795eb844c9b47049a7754bf8a9d8b68,

title = "VulDeBERT: A Vulnerability Detection System Using BERT",

abstract = "Deep learning technologies recently received much attention to detect vulnerable code patterns accurately. This paper proposes a new deep learning-based vulnerability detection tool dubbed VulDeBERT by fine-tuning a pre-trained language model, Bidirectional Encoder Representations from Transformers (BERT), on the vulnerable code dataset. To support VulDeBERT, we develop a new code analysis tool to extract well-represented abstract code fragments from C and C++ source code. The experimental results show that VulDeBERT outperforms the state-of-the-art tool, VulDeePecker [1] for two security vul- nerability types (CWE-119 and CWE-399). For the CWE-119 dataset, VulDeBERT achieved an Fl score of 94.6 \%, which is significantly better than VulDeePecker, achieving an Fl score of 86.6 \% in the same settings. Again, for the CWE-399 dataset, VulDeBERT achieved an Fl score of 97.9 \%, which is also better than VulDeePecker, achieving an Fl score of 95 \% in the same settings.",

keywords = "Code Gadget, Vulnerability Detection",

author = "Soolin Kim and Jusop Choi and Ahmed, \{Muhammad Ejaz\} and Surya Nepal and Hyoungshick Kim",

note = "Publisher Copyright: {\textcopyright} 2022 IEEE.; 33rd IEEE International Symposium on Software Reliability Engineering Workshops, ISSREW 2022 ; Conference date: 31-10-2022 Through 03-11-2022",

year = "2022",

doi = "10.1109/ISSREW55968.2022.00042",

language = "English",

series = "Proceedings - 2022 IEEE International Symposium on Software Reliability Engineering Workshops, ISSREW 2022",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "69--74",

booktitle = "Proceedings - 2022 IEEE International Symposium on Software Reliability Engineering Workshops, ISSREW 2022",

}

Kim, S, Choi, J, Ahmed, ME, Nepal, S & Kim, H 2022, VulDeBERT: A Vulnerability Detection System Using BERT. in Proceedings - 2022 IEEE International Symposium on Software Reliability Engineering Workshops, ISSREW 2022. Proceedings - 2022 IEEE International Symposium on Software Reliability Engineering Workshops, ISSREW 2022, Institute of Electrical and Electronics Engineers Inc., pp. 69-74, 33rd IEEE International Symposium on Software Reliability Engineering Workshops, ISSREW 2022, Virtual, Online, United States, 31/10/22. https://doi.org/10.1109/ISSREW55968.2022.00042

VulDeBERT: A Vulnerability Detection System Using BERT. / Kim, Soolin; Choi, Jusop; Ahmed, Muhammad Ejaz et al.
Proceedings - 2022 IEEE International Symposium on Software Reliability Engineering Workshops, ISSREW 2022. Institute of Electrical and Electronics Engineers Inc., 2022. p. 69-74 (Proceedings - 2022 IEEE International Symposium on Software Reliability Engineering Workshops, ISSREW 2022).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - VulDeBERT

T2 - 33rd IEEE International Symposium on Software Reliability Engineering Workshops, ISSREW 2022

AU - Kim, Soolin

AU - Choi, Jusop

AU - Ahmed, Muhammad Ejaz

AU - Nepal, Surya

AU - Kim, Hyoungshick

PY - 2022

Y1 - 2022

N2 - Deep learning technologies recently received much attention to detect vulnerable code patterns accurately. This paper proposes a new deep learning-based vulnerability detection tool dubbed VulDeBERT by fine-tuning a pre-trained language model, Bidirectional Encoder Representations from Transformers (BERT), on the vulnerable code dataset. To support VulDeBERT, we develop a new code analysis tool to extract well-represented abstract code fragments from C and C++ source code. The experimental results show that VulDeBERT outperforms the state-of-the-art tool, VulDeePecker [1] for two security vul- nerability types (CWE-119 and CWE-399). For the CWE-119 dataset, VulDeBERT achieved an Fl score of 94.6 %, which is significantly better than VulDeePecker, achieving an Fl score of 86.6 % in the same settings. Again, for the CWE-399 dataset, VulDeBERT achieved an Fl score of 97.9 %, which is also better than VulDeePecker, achieving an Fl score of 95 % in the same settings.

AB - Deep learning technologies recently received much attention to detect vulnerable code patterns accurately. This paper proposes a new deep learning-based vulnerability detection tool dubbed VulDeBERT by fine-tuning a pre-trained language model, Bidirectional Encoder Representations from Transformers (BERT), on the vulnerable code dataset. To support VulDeBERT, we develop a new code analysis tool to extract well-represented abstract code fragments from C and C++ source code. The experimental results show that VulDeBERT outperforms the state-of-the-art tool, VulDeePecker [1] for two security vul- nerability types (CWE-119 and CWE-399). For the CWE-119 dataset, VulDeBERT achieved an Fl score of 94.6 %, which is significantly better than VulDeePecker, achieving an Fl score of 86.6 % in the same settings. Again, for the CWE-399 dataset, VulDeBERT achieved an Fl score of 97.9 %, which is also better than VulDeePecker, achieving an Fl score of 95 % in the same settings.

KW - Code Gadget

KW - Vulnerability Detection

UR - https://www.scopus.com/pages/publications/85146314148

U2 - 10.1109/ISSREW55968.2022.00042

DO - 10.1109/ISSREW55968.2022.00042

M3 - Conference contribution

AN - SCOPUS:85146314148

T3 - Proceedings - 2022 IEEE International Symposium on Software Reliability Engineering Workshops, ISSREW 2022

SP - 69

EP - 74

BT - Proceedings - 2022 IEEE International Symposium on Software Reliability Engineering Workshops, ISSREW 2022

PB - Institute of Electrical and Electronics Engineers Inc.

Y2 - 31 October 2022 through 3 November 2022

ER -

Kim S, Choi J, Ahmed ME, Nepal S, Kim H. VulDeBERT: A Vulnerability Detection System Using BERT. In Proceedings - 2022 IEEE International Symposium on Software Reliability Engineering Workshops, ISSREW 2022. Institute of Electrical and Electronics Engineers Inc. 2022. p. 69-74. (Proceedings - 2022 IEEE International Symposium on Software Reliability Engineering Workshops, ISSREW 2022). doi: 10.1109/ISSREW55968.2022.00042

VulDeBERT: A Vulnerability Detection System Using BERT

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this