Result: Towards a Block-Level ML-Based Python Vulnerability Detection Tool.
Computer software is driving our everyday life, therefore its security is pivotal. Unfortunately, security flaws are common in software systems, which can result in a variety of serious repercussions, including data loss, secret information disclosure, manipulation, or system failure. Although techniques for detecting vulnerable code exist, the improvement of their accuracy and effectiveness to a practically applicable level remains a challenge. Many existing methods require a substantial amount of human experts' labor to develop attributes that indicate vulnerabilities. In a previous work, we have shown that machine learning is suitable for solving the issue automatically by learning features from a vast collection of real-world code and predicting vulnerable code locations. Applying a BERT-based code embedding, LSTM models with the best hyperparameters were able to identify seven different security flaws in Python source code with high precision (average of 91%) and recall (average of 83%). Upon the encouraging first empirical results, we go beyond in this paper and discuss the challenges of applying these models in practice and outline a method that solves these issues. Our goal is to develop a hands-on tool for developers that they can use to pinpoint potentially vulnerable spots in their code. [ABSTRACT FROM AUTHOR]
Copyright of Acta Cybernetica is the property of University of Szeged, Institute of Informatics.