The rise of software vulnerability: Taxonomy of software vulnerabilities detection and machine learning approaches


Bibliographic Details
Main Authors: Hazim, Hanif; Mohd Hairul Nizam, Md Nasir; Mohd Faizal, Ab Razak; Ahmad, Firdaus; Nor Badrul, Anuar
Format: Article
Language: English
Published: Elsevier 2021
Subjects: QA75 Electronic computers. Computer science
Online Access: http://umpir.ump.edu.my/id/eprint/33731/
http://umpir.ump.edu.my/id/eprint/33731/1/The%20rise%20of%20software%20vulnerability%20Taxonomy%20of%20software.pdf
Repository: UMP Institutional Repository
Description

The detection of software vulnerabilities requires critical attention during the development phase to make software secure and less vulnerable. Vulnerable software always invites hackers to perform malicious activities and disrupt the operation of the software, which leads to millions in financial losses for software companies. In order to reduce these losses, security communities have introduced many reliable and effective vulnerability detection systems that aim to detect software vulnerabilities as early as the development or testing phases. To summarise software vulnerability detection systems, existing surveys discussed conventional and data mining approaches. These approaches are widely used and mostly consist of traditional detection techniques. However, they lack discussion of the newly trending machine learning approaches, such as supervised learning and deep learning techniques. Furthermore, existing studies fail to discuss the growing research interest in the software vulnerability detection community throughout the years. With more discussion of this, we can predict and focus on which research problems in software vulnerability detection need to be urgently addressed. Aiming to reduce these gaps, this paper presents a taxonomy of research interests in software vulnerability detection: methods, detection, features, code and dataset. The research interest categories exhibit current trends in software vulnerability detection. The analysis shows that there is considerable interest in addressing methods and detection problems, while only a few studies are interested in code and dataset problems. This indicates that there is still much work to be done on code and dataset problems in the future. Furthermore, this paper extends the taxonomy of machine learning approaches used to detect software vulnerabilities: supervised learning, semi-supervised learning, ensemble learning and deep learning. Based on the analysis, supervised learning and deep learning approaches are trending in the software vulnerability detection community, as these techniques are able to detect vulnerabilities such as buffer overflow, SQL injection and cross-site scripting effectively, with a significant detection performance of up to 95% F1 score. Finally, this paper concludes with several discussions of potential future work in software vulnerability detection in terms of datasets, multi-vulnerability detection, transfer learning and real-world applications.
Record ID: ump-33731
Institution: Universiti Malaysia Pahang
Record type: eprints (Digital Repository)
Citation: Hazim, Hanif and Mohd Hairul Nizam, Md Nasir and Mohd Faizal, Ab Razak and Ahmad, Firdaus and Nor Badrul, Anuar (2021) The rise of software vulnerability: Taxonomy of software vulnerabilities detection and machine learning approaches. Journal of Network and Computer Applications, 179 (103009). pp. 1-24. ISSN 1084-8045. (Published, peer reviewed) https://doi.org/10.1016/j.jnca.2021.103009