New research from Monash University presents the most effective approach to accurately predict vulnerabilities in software code and strengthen cybersecurity.
Software vulnerabilities are prevalent across all systems that are built using source codes, causing a variety of problems including deadlock, hacking or even system failures. Thus, early predictions of vulnerabilities are critical for security software systems.
To help combat this, Faculty of Information Technology experts developed the ‘LineVul’ approach, and found it increased accuracy in predicting software vulnerabilities by more than 300 percent while spending only half the usual amount of time and effort, when compared to current best-in-class prediction tools.
LineVul is also able to guard against the top 25 most dangerous and common weaknesses in source codes, and can be applied broadly to strengthen cybersecurity across any application built with source code.
Research co-author Dr Chakkrit Tantithamthavorn, from the Faculty of Information Technology (IT), said standard software programs contain millions to billions of lines of code and it often takes a significant amount of time to identify and rectify vulnerabilities.
“Current state-of-the-art machine learning-based vulnerability prediction tools are still inaccurate and are only able to identify general areas of weakness in the source codes,” Dr Tantithamthavorn said.
“With the proposed LineVul approach we are not only able to predict the most critical areas of vulnerability but also are able to specifically identify the location of vulnerabilities down to the exact line of code.”
Research co-author PhD candidate Michael Fu said the LineVul approach was tested against large-scale real-world datasets with more than 188 thousand lines of software code.
“Software developers normally spend a substantial amount of time trying to identify vulnerabilities in code either during the development process or after the program has been implemented. The existence of vulnerabilities, especially after the implementation of the program, can potentially expose software systems to dangerous cyberattacks.
“The LineVul approach can be broadly applied across any software system to strengthen applications against cyberattacks and can be a significant tool for developers especially in safety-critical areas like software used by the Australian government, defence, finance sectors etc.”
Future research building on the LineVul approach includes the development of new methods to automatically suggest corrections for vulnerabilities in software code.
This research was supported by the Australian Research Council’s Discovery Early Career Researcher Award 2020-2022.
The research findings will be presented during the Mining Software Repositories 2022 conference from 18–20 May.
Dr Chakkrit Tantithamthavorn and Michael Fu from Monash University’s Faculty of IT are
