Automatic Software Vulnerability Classification Based on Improved Whale Optimization Algorithm and Attention Guided Deep Neural Network
International Journal of Electrical and Electronics Engineering |
© 2024 by SSRG - IJEEE Journal |
Volume 11 Issue 1 |
Year of Publication : 2024 |
Authors : Shazia Ali, Arshia Arjumand Banu |
How to Cite?
Shazia Ali, Arshia Arjumand Banu, "Automatic Software Vulnerability Classification Based on Improved Whale Optimization Algorithm and Attention Guided Deep Neural Network," SSRG International Journal of Electrical and Electronics Engineering, vol. 11, no. 1, pp. 58-67, 2024. Crossref, https://doi.org/10.14445/23488379/IJEEE-V11I1P106
Abstract:
The use of computers and the Internet has had two distinct effects on sectors, given the fast-paced growth of information technology. In addition to ease, they pose significant hazards and covert threats. The primary sources of several safety problems are software flaws. The safety of the system will be severely compromised after hostile assaults have exposed a weakness, and it may even result in catastrophic damage. Automated categorization techniques are thus preferred to manage software vulnerabilities efficiently, enhance system safety, and lower the possibility of system assault and harm. This work proposes a new automatic vulnerability classification model, the Improved Whale Optimisation Algorithm (IWO), and an Attention-guided Deep Neural Network (ADNN). To optimize ADNN hyperparameters, IWO was developed based on the humpback whales’ swarm foraging behaviour. The model uses Information Gain (IG), Term Frequency-Inverse Document Frequency (TF-IDF), and ADNN. TF-IDF is employed to find the frequency and weight of every chat from the vulnerability report. IG is employed for feature selection to get the best feature word set. The ADNN is used to build an automatic weakness classifier to classify security issues accurately. The efficiency of the suggested model has been verified using data from the National Vulnerability Database (NVD) of the United States. The ADNN model outperformed SVM, Naive Bayes, and KNN regarding recall rate, precision, accuracy, and F1-score, among other multi-dimensional assessment measures.
Keywords:
Information technology, Software vulnerabilities, Security, Automatic vulnerability classification model, Attention-guided Deep Neural Network, Improved Whale Optimization algorithm (IWO), Term Frequency-Inverse Document Frequency, Gathering information.
References:
[1] Muhammad Shahzad, Muhammad Zubair Shafiq, and Alex X. Liu, “A Large Scale Exploratory Analysis of Software Vulnerability Life Cycles,” 2012 34th International Conference on Software Engineering (ICSE), Zurich, Switzerland, pp. 771-781, 2012.
[CrossRef] [Google Scholar] [Publisher Link]
[2] CNBC TV18, Technology News, Indian Enterprises Highly Vulnerable to Cyber-Attacks, Says Expert. [Online]. Available: https://www.cnbctv18.com/technology/indian-enterprises-highly-vulnerable-to-cyber-attacks-cyber-expert-14684671.html
[3] Seyed Mohammad Ghaffarian, and Hamid Reza Shahriari, “Software Vulnerability Analysis and Discovery Using Machine-Learning and Data-Mining Techniques: A Survey,” ACM Computing Surveys, vol. 50, no. 4, pp. 1-36, 2017.
[CrossRef] [Google Scholar] [Publisher Link]
[4] Gul Jabeen, “Machine Learning Techniques for Software Vulnerability Prediction: A Comparative Study,” Applied Intelligence, vol. 52, pp. 17614-17635, 2022.
[CrossRef] [Google Scholar] [Publisher Link]
[5] Aya El-Rahman Kamal El-Deen Ramadan, Ahmed Bahaa, and Amr Ghoneim, “A Systematic Literature Review on Software Vulnerability Detection Using Machine Learning Approaches,” Informatics Bulletin, Faculty of Computers and Artificial Intelligence, vol. 4, no. 1, pp. 1-9, 2022.
[CrossRef] [Google Scholar] [Publisher Link]
[6] Guanjun Lin et al., “Software Vulnerability Detection Using Deep Neural Networks: A Survey,” Proceedings of the IEEE, vol. 108, no. 10, pp. 1825-1848, 2020.
[CrossRef] [Google Scholar] [Publisher Link]
[7] Laura Wartschinski, “VUDENC: Vulnerability Detection with Deep Learning on a Natural Codebase for Python,” Information and Software Technology, vol. 144, 2022.
[CrossRef] [Google Scholar] [Publisher Link]
[8] Han Yan et al., “HAN-BSVD: A Hierarchical Attention Network for Binary Software Vulnerability Detection,” Computers & Security, vol. 108, 2021. [CrossRef] [Google Scholar] [Publisher Link]
[9] Weina Niu, “A Deep Learning Based Static Taint Analysis Approach for IoT Software Vulnerability Location,” Measurement, vol. 152, 2020. [CrossRef] [Google Scholar] [Publisher Link]
[10] Ying Liu, “Software-Defined DDoS Detection with Information Entropy Analysis and Optimized Deep Learning,” Future Generation Computer Systems, vol. 129, pp. 99-114, 2022.
[CrossRef] [Google Scholar] [Publisher Link]
[11] Shigang Liu et al., “Deep Balance: Deep-Learning and Fuzzy Oversampling for Vulnerability Detection,” IEEE Transactions on Fuzzy Systems, vol. 28, no. 7, pp. 1329-1343, 2020.
[CrossRef] [Google Scholar] [Publisher Link]
[12] Deqing Zou et al., “μμVulDeePecker: A Deep Learning-Based System for Multiclass Vulnerability Detection,” IEEE Transactions on Dependable and Secure Computing, vol. 18, no. 5, pp. 2224-2236, 2021.
[CrossRef] [Google Scholar] [Publisher Link]
[13] Zhen Li et al., “Sysevr: A Framework for Using Deep Learning to Detect Software Vulnerabilities,” IEEE Transactions on Dependable and Secure Computing, vol. 19, no. 4, pp. 2244-2258, 2022.
[CrossRef] [Google Scholar] [Publisher Link]
[14] Qian Wang et al., “An Automatic Algorithm for Software Vulnerability Classification Based on CNN and GRU,” Multimedia Tools and Applications, vol. 81, pp. 103-7124, 2022.
[CrossRef] [Google Scholar] [Publisher Link]
[15] Junjun Guo et al., “Detecting Vulnerability in Source Code Using CNN and LSTM Network,” Soft Computing, vol. 27, pp. 1131-1141, 2023. [CrossRef] [Google Scholar] [Publisher Link]
[16] Canan Batur Şahin, and Laith Abualigah, “A Novel Deep Learning-Based Feature Selection Model for Improving the Static Analysis of Vulnerability Detection,” Neural Computing and Applications, vol. 33, pp. 14049-14067, 2021.
[CrossRef] [Google Scholar] [Publisher Link]
[17] Stop Words, 2018. [Online]. Available: https://pypi.org/project/stop-words/
[18] Guoyan Huang et al., “Automatic Classification Method for Software Vulnerability Based on Deep Neural Network,” IEEE Access, vol. 7, pp. 28291-28298, 2019.
[CrossRef] [Google Scholar] [Publisher Link]
[19] Information Technology Laboratory, National Vulnerability Database. [Online]. Available: https://nvd.nist.gov/
[20] Andrzej Brodzicki, Michał Piekarski, and Joanna Jaworek-Korjakowska, “The Whale Optimization Algorithm Approach for Deep Neural Networks,” Sensors, vol. 21, no. 23, pp. 1-16, 2021.
[CrossRef] [Google Scholar] [Publisher Link]