Title : | Vulnerability detection using deep learning |
Authors : | MOUNA BAKIR, Author ; Djemaa Boukhlouf, Author ; Djemaa Boukhlouf, Thesis supervisor |
Document type : | Printed monograph |
Publisher : | Biskra [Algeria] : Faculté des Sciences Exactes et des Sciences de la Nature et de la Vie, Université Mohamed Khider, 2022 |
Format : | 1 vol. (79 p.) / color illustrated cover / 30 cm |
Languages : | French |
Keywords : | Software Vulnerability Detection, security, Deep Learning, CNN |
Abstract : |
The detection of software vulnerabilities (or vulnerabilities for short) is an important problem that has yet to be tackled, as manifested by the many vulnerabilities reported on a daily basis. This calls for machine learning methods for vulnerability detection. Deep learning is attractive for this purpose because it alleviates the requirement to manually define features. Despite the tremendous success of deep learning in other application domains, its applicability to vulnerability detection is not systematically understood. In order to fill this void, we propose a framework for using deep learning to detect vulnerabilities in C/C++ programs with source code. In this work, methods to detect software gaps were mainly performed on function-level C/C++ function code. We have conducted extensive experiments against a wide range of real-world C/C++ weaknesses obtained from many real-world projects, and specifically propose a synthetic neural network for code analysis, in which we propose a set of data imported from the Internet, with data added manually, together with a model for the inclusion of a normal and unusual function. |
Table of contents : |
General Introduction
1 Deep Learning
1.1 Introduction
1.2 What is artificial intelligence?
1.3 What is machine learning?
1.3.1 Support vector machines (SVMs)
1.4 What is deep learning?
1.5 Deep learning terminologies
1.5.1 Recurrent neuron
1.5.2 Vanishing Gradient Problem
1.5.3 Exploding gradient problem
1.5.4 max-pooling
1.5.5 Softmax
1.5.6 Neural network
1.5.7 Neuron
1.5.8 Activation function
1.5.9 Learning rate
1.5.10 Back propagation
1.6 Evolution of deep learning
1.7 Deep learning approaches
1.7.1 supervised learning
1.7.2 Unsupervised learning
1.7.3 Semi supervised learning (hybrid learning)
1.7.4 Deep reinforcement learning
1.7.5 Algorithms for Deep learning
1.8 Fundamental deep learning architectures Deep learning
1.8.1 Unsupervised Pre-trained Networks
1.8.2 Convolutional Neural Networks
1.8.3 Recurrent Neural Networks
1.9 Deep learning methods
1.9.1 Back propagation
1.9.2 Stochastic gradient descent
1.9.3 Learning Rate Decay
1.9.4 Dropout
1.9.5 Max-Pooling
1.9.6 Batch Normalization
1.9.7 Skip-gram
1.9.8 Transfer learning
1.10 frameworks deep learning
1.10.1 TensorFlow
1.10.2 Keras
1.10.3 PyTorch
1.10.4 Caffe
1.10.5 Deeplearning4j
1.11 The Applications of Deep Learning
1.11.1 Automatic Speech Recognition (ASR)
1.11.2 Game Playing
1.11.3 Autonomous Driving
1.11.4 Chatbots
1.11.5 Image captioning
1.11.6 News Aggregation and Fake News Detection
1.11.7 Text to Speech
1.11.8 Machine Translation
1.12 Conclusion
2 Software vulnerability detection
2.1 Introduction
2.2 Security objective
2.2.1 Confidentiality
2.2.2 Integrity
2.2.3 Authentication
2.2.4 Non-Repudiation
2.2.5 Availability
2.3 Terminology
2.3.1 Vulnerability
2.3.2 Attack (Exploit)
2.3.3 Threat
2.3.4 Software
2.3.5 Counter measure
2.3.6 Risk
2.4 The Open Web Application Security Project (OWASP) Top Ten
2.4.1 What is the OWASP?
2.4.2 Top Ten 2021 List
2.5 National vulnerability database (NVD)
2.5.1 Common Vulnerabilities and Exposures (CVE)
2.6 SANS Top 25 Security Vulnerabilities In Software Applications
2.6.1 SANS
2.6.2 What the term CWE means?
2.6.3 The CWE Top 25
2.7 Vulnerability Detection methods
2.7.1 Fuzzing
2.7.2 Web Application Scanner
2.7.3 Static Analysis Techniques
2.7.4 Brick
2.7.5 CRED: C Range Error Detector
2.8 Related Work
2.8.1 VUDENC: Vulnerability Detection with Deep Learning on a Natural Code base for Python
2.8.2 VulDeePecker: A Deep Learning-Based System for Multiclass Vulnerability Detection
2.8.3 SySeVR: A Framework for Using Deep Learning to Detect Software Vulnerabilities
2.9 Conclusion
3 Design
3.1 Introduction
3.2 General system design
3.2.1 System objective
3.2.2 Architecture of the system
3.3 Detailed system design
3.3.1 Data collection
3.3.2 Data preparation
3.3.3 Classification and Training
3.3.4 Use of the Model
3.4 Design by UML
3.4.1 Sequence Diagram for "Inscription"
3.4.2 Sequence diagram "authenticate"
3.5 Conclusion
4 Implementation and results
4.1 Introduction
4.2 Environment and tools
4.2.1 Python
4.2.2 WAMP (Windows, Apache, MySQL, PHP)
4.2.3 TensorFlow
4.2.4 Keras
4.2.5 TfidfVectorizer
4.2.6 Tkinter
4.3 Data Structures
4.3.1 Data base
4.3.2 Dataset Used
4.3.3 Training and Testing
4.4 Our application interfaces
4.4.1 Interface "Login"
4.4.2 Interface "Registration"
4.4.3 Main interface
4.5 Conclusion
General conclusion |
Availability (1)
Call number | Medium | Location | Status |
---|---|---|---|
MINF/690 | Master's thesis | Exact Sciences library | Available for consultation |