A Systematic Literature Review on Automated Software Vulnerability Detection Using Machine Learning

In recent years, numerous Machine Learning (ML) models, including Deep Learning (DL) and classic ML models, have been developed to detect software vulnerabilities. However, there is a notable lack of comprehensive and systematic surveys that summarize, classify, and analyze the applications of these...

Full description

Saved in:

Bibliographic Details
Published in	ACM computing surveys Vol. 57; no. 3; pp. 1 - 36
Main Authors	Shiri Harzevili, Nima, Boaye Belle, Alvine, Wang, Junjie, Wang, Song, Jiang, Zhen Ming (Jack), Nagappan, Nachiappan
Format	Journal Article
Language	English
Published	New York, NY ACM 01.03.2025 Association for Computing Machinery
Subjects	Deep learning Digital libraries Digital systems Embedding Graph neural networks International conferences Literature reviews Machine learning Neural networks Recurrent neural networks Reliability engineering Representations Security and privacy Software engineering Software reliability Software security engineering Source code Systematic review Taxonomy deep learning software security software bug detection Source code machine learning software vulnerability detection
Online Access	Get full text
ISSN	0360-0300 1557-7341
DOI	10.1145/3699711

Cover

Abstract	In recent years, numerous Machine Learning (ML) models, including Deep Learning (DL) and classic ML models, have been developed to detect software vulnerabilities. However, there is a notable lack of comprehensive and systematic surveys that summarize, classify, and analyze the applications of these ML models in software vulnerability detection. This absence may lead to critical research areas being overlooked or under-represented, resulting in a skewed understanding of the current state of the art in software vulnerability detection. To close this gap, we propose a comprehensive and systematic literature review that characterizes the different properties of ML-based software vulnerability detection systems using six major Research Questions (RQs). Using a custom web scraper, our systematic approach involves extracting a set of studies from four widely used online digital libraries: ACM Digital Library, IEEE Xplore, ScienceDirect, and Google Scholar. We manually analyzed the extracted studies to filter out irrelevant work unrelated to software vulnerability detection, followed by creating taxonomies and addressing RQs. Our analysis indicates a significant upward trend in applying ML techniques for software vulnerability detection over the past few years, with many studies published in recent years. Prominent conference venues include the International Conference on Software Engineering (ICSE), the International Symposium on Software Reliability Engineering (ISSRE), the Mining Software Repositories (MSR) conference, and the ACM International Conference on the Foundations of Software Engineering (FSE), whereas Information and Software Technology (IST), Computers & Security (C&S), and Journal of Systems and Software (JSS) are the leading journal venues. Our results reveal that 39.1% of the subject studies use hybrid sources, whereas 37.6% of the subject studies utilize benchmark data for software vulnerability detection. Code-based data are the most commonly used data type among subject studies, with source code being the predominant subtype. Graph-based and token-based input representations are the most popular techniques, accounting for 57.2% and 24.6% of the subject studies, respectively. Among the input embedding techniques, graph embedding and token vector embedding are the most frequently used techniques, accounting for 32.6% and 29.7% of the subject studies. Additionally, 88.4% of the subject studies use DL models, with recurrent neural networks and graph neural networks being the most popular subcategories, whereas only 7.2% use classic ML models. Among the vulnerability types covered by the subject studies, CWE-119, CWE-20, and CWE-190 are the most frequent ones. In terms of tools used for software vulnerability detection, Keras with TensorFlow backend and PyTorch libraries are the most frequently used model-building tools, accounting for 42 studies for each. In addition, Joern is the most popular tool used for code representation, accounting for 24 studies. Finally, we summarize the challenges and future directions in the context of software vulnerability detection, providing valuable insights for researchers and practitioners in the field.
AbstractList	In recent years, numerous Machine Learning (ML) models, including Deep Learning (DL) and classic ML models, have been developed to detect software vulnerabilities. However, there is a notable lack of comprehensive and systematic surveys that summarize, classify, and analyze the applications of these ML models in software vulnerability detection. This absence may lead to critical research areas being overlooked or under-represented, resulting in a skewed understanding of the current state of the art in software vulnerability detection. To close this gap, we propose a comprehensive and systematic literature review that characterizes the different properties of ML-based software vulnerability detection systems using six major Research Questions (RQs). Using a custom web scraper, our systematic approach involves extracting a set of studies from four widely used online digital libraries: ACM Digital Library, IEEE Xplore, ScienceDirect, and Google Scholar. We manually analyzed the extracted studies to filter out irrelevant work unrelated to software vulnerability detection, followed by creating taxonomies and addressing RQs. Our analysis indicates a significant upward trend in applying ML techniques for software vulnerability detection over the past few years, with many studies published in recent years. Prominent conference venues include the International Conference on Software Engineering (ICSE), the International Symposium on Software Reliability Engineering (ISSRE), the Mining Software Repositories (MSR) conference, and the ACM International Conference on the Foundations of Software Engineering (FSE), whereas Information and Software Technology (IST), Computers & Security (C&S), and Journal of Systems and Software (JSS) are the leading journal venues. Our results reveal that 39.1% of the subject studies use hybrid sources, whereas 37.6% of the subject studies utilize benchmark data for software vulnerability detection. Code-based data are the most commonly used data type among subject studies, with source code being the predominant subtype. Graph-based and token-based input representations are the most popular techniques, accounting for 57.2% and 24.6% of the subject studies, respectively. Among the input embedding techniques, graph embedding and token vector embedding are the most frequently used techniques, accounting for 32.6% and 29.7% of the subject studies. Additionally, 88.4% of the subject studies use DL models, with recurrent neural networks and graph neural networks being the most popular subcategories, whereas only 7.2% use classic ML models. Among the vulnerability types covered by the subject studies, CWE-119, CWE-20, and CWE-190 are the most frequent ones. In terms of tools used for software vulnerability detection, Keras with TensorFlow backend and PyTorch libraries are the most frequently used model-building tools, accounting for 42 studies for each. In addition, Joern is the most popular tool used for code representation, accounting for 24 studies. Finally, we summarize the challenges and future directions in the context of software vulnerability detection, providing valuable insights for researchers and practitioners in the field. In recent years, numerous Machine Learning (ML) models, including Deep Learning (DL) and classic ML models, have been developed to detect software vulnerabilities. However, there is a notable lack of comprehensive and systematic surveys that summarize, classify, and analyze the applications of these ML models in software vulnerability detection. This absence may lead to critical research areas being overlooked or under-represented, resulting in a skewed understanding of the current state of the art in software vulnerability detection. To close this gap, we propose a comprehensive and systematic literature review that characterizes the different properties of ML-based software vulnerability detection systems using six major Research Questions (RQs). Using a custom web scraper, our systematic approach involves extracting a set of studies from four widely used online digital libraries: ACM Digital Library, IEEE Xplore, ScienceDirect, and Google Scholar. We manually analyzed the extracted studies to filter out irrelevant work unrelated to software vulnerability detection, followed by creating taxonomies and addressing RQs. Our analysis indicates a significant upward trend in applying ML techniques for software vulnerability detection over the past few years, with many studies published in recent years. Prominent conference venues include the International Conference on Software Engineering (ICSE), the International Symposium on Software Reliability Engineering (ISSRE), the Mining Software Repositories (MSR) conference, and the ACM International Conference on the Foundations of Software Engineering (FSE), whereas Information and Software Technology (IST), Computers & Security (C&S), and Journal of Systems and Software (JSS) are the leading journal venues. Our results reveal that 39.1% of the subject studies use hybrid sources, whereas 37.6% of the subject studies utilize benchmark data for software vulnerability detection. Code-based data are the most commonly used data type among subject studies, with source code being the predominant subtype. Graph-based and token-based input representations are the most popular techniques, accounting for 57.2% and 24.6% of the subject studies, respectively. Among the input embedding techniques, graph embedding and token vector embedding are the most frequently used techniques, accounting for 32.6% and 29.7% of the subject studies. Additionally, 88.4% of the subject studies use DL models, with recurrent neural networks and graph neural networks being the most popular subcategories, whereas only 7.2% use classic ML models. Among the vulnerability types covered by the subject studies, CWE-119, CWE-20, and CWE-190 are the most frequent ones. In terms of tools used for software vulnerability detection, Keras with TensorFlow backend and PyTorch libraries are the most frequently used model-building tools, accounting for 42 studies for each. In addition, Joern is the most popular tool used for code representation, accounting for 24 studies. Finally, we summarize the challenges and future directions in the context of software vulnerability detection, providing valuable insights for researchers and practitioners in the field.
ArticleNumber	55
Author	Boaye Belle, Alvine Jiang, Zhen Ming (Jack) Shiri Harzevili, Nima Wang, Song Wang, Junjie Nagappan, Nachiappan
Author_xml	– sequence: 1 givenname: Nima orcidid: 0000-0003-0484-3972 surname: Shiri Harzevili fullname: Shiri Harzevili, Nima email: nshiri@yorku.ca organization: , , , – sequence: 2 givenname: Alvine orcidid: 0000-0001-7533-7212 surname: Boaye Belle fullname: Boaye Belle, Alvine email: alvine.belle@lassonde.yorku.ca organization: , , , – sequence: 3 givenname: Junjie orcidid: 0000-0002-9941-6713 surname: Wang fullname: Wang, Junjie email: junjie@iscas.ac.cn organization: , , , – sequence: 4 givenname: Song orcidid: 0000-0003-0617-2877 surname: Wang fullname: Wang, Song email: wangsong@yorku.ca organization: , , , – sequence: 5 givenname: Zhen Ming (Jack) orcidid: 0000-0002-3063-3197 surname: Jiang fullname: Jiang, Zhen Ming (Jack) email: zmjiang@cse.yorku.ca organization: , , , – sequence: 6 givenname: Nachiappan orcidid: 0000-0003-1358-4124 surname: Nagappan fullname: Nagappan, Nachiappan email: nachiappan.nagappan@gmail.com organization: , , ,
BookMark	eNo90N9LwzAQB_AgE9ym-O5TwAefqrmmSdvHMX9CRXDO15JmV83Y0pmkjv33RjZ9OA7u--EObkQGtrNIyDmwa4BM3HBZljnAERmCEHmS8wwGZMi4ZAnjjJ2QkfdLxliagRwSPaGznQ-4VsFoWpmAToXeIX3Fb4Nb2lk66UMXY1zQWdeGrYrhe7-yETZmZcKO3mJAHUykc2_sB31W-tNYpBUqZ-PglBy3auXx7NDHZH5_9zZ9TKqXh6fppEpUyrOQSMahyVjTslQseA4SilwCl6JBHWvBpS7KDFA1Laq0LDIm0kaIqBqRas35mFzu925c99WjD_Wy652NJ2sOuQAoCl5GdbVX2nXeO2zrjTNr5XY1sPr3g_Xhg1Fe7KXS63_0F_4AxnVsSA
Cites_doi	10.1109/SP.2014.44 10.1145/3360588 10.1145/1273442.1250746 10.1145/3540250.3549165 10.1109/BigData50022.2020.9377803 10.1109/TDSC.2020.2984505 10.1162/neco.2006.18.7.1527 10.1016/j.infsof.2023.107328 10.1007/s11219-019-09467-0 10.1109/DSN53405.2022.00026 10.1109/TII.2018.2821768 10.1109/ASE56229.2023.00084 10.1145/3597503.3639117 10.1016/j.jisa.2022.103293 10.1109/QRS-C60940.2023.00078 10.1016/j.future.2022.04.008 10.1109/TrustCom56396.2022.00046 10.1109/ISSRE59848.2023.00024 10.1145/3641846 10.1016/j.ins.2020.11.053 10.1109/TSE.2023.3317209 10.1109/ETNCC59188.2023.10284955 10.1109/TSE.2018.2881961 10.1109/JPROC.2020.2993293 10.1016/j.jisa.2023.103555 10.1145/3360588 10.1109/MSR59073.2023.00052 10.14722/ndss.2023.23263 10.1109/TIFS.2024.3392536 10.1109/TKDE.2023.3333371 10.1145/3468264.3468597 10.1109/TDSC.2021.3076142 10.1016/j.infsof.2018.10.001 10.1109/ICECCS.2019.00012 10.1109/TDSC.2021.3051525 10.1109/TSE.2023.3340267 10.1007/978-3-319-92624-7_1 10.1145/1292414.1292416 10.1145/3429444 10.1109/TrustCom56396.2022.00070 10.1016/j.cose.2023.103247 10.1016/j.cose.2024.103787 10.1145/3276517 10.1016/j.compeleceng.2023.108766 10.1145/2508859.2516665 10.1109/TSE.2023.3285910 10.1016/j.neucom.2021.05.043 10.1016/j.jss.2023.111699 10.24963/ijcai.2019/648 10.1016/j.cose.2022.102823 10.1145/2884781.2884804 10.1145/2382196.2382284 10.1109/ISSRE59848.2023.00030 10.1145/3540250.3558927 10.1109/ISSRE52982.2021.00047 10.1016/j.cose.2024.103732 10.1016/j.jisa.2023.103484 10.1145/3524842.3527949 10.1007/978-3-030-47436-2_13 10.1109/TSE.2022.3140868 10.1016/j.infsof.2024.107442 10.1016/j.infsof.2020.106289 10.1016/j.jss.2023.111705 10.1016/j.comnet.2024.110238 10.1016/j.cose.2023.103508 10.1145/3436877 10.1109/COMST.2018.2885561 10.1016/j.cose.2021.102286 10.1109/TIFS.2020.3044773 10.1109/ISSRE52982.2021.00020 10.1016/j.infsof.2015.03.007 10.1016/j.infsof.2023.107290 10.1109/TIFS.2021.3050051 10.1145/3529757 10.1145/3510003.3510219 10.1109/GLOCOM.2017.8254428 10.1145/3611643.3616346 10.1109/ICSE48619.2023.00189 10.1109/DSAA54385.2022.10032337 10.1016/j.jss.2023.111775 10.24963/ijcai.2019/937 10.1145/3477535 10.1016/j.cose.2023.103469 10.1109/ICECCS.2019.00011 10.1109/QRS.2017.42 10.1145/3230833.3230856 10.1109/BigData47090.2019.9006514 10.1016/j.jss.2024.112039 10.24963/ijcai.2020/454 10.1016/j.infsof.2023.107246 10.1109/ISSRE52982.2021.00054 10.1109/TSE.2014.2340398 10.1006/csla.1999.0128 10.1016/j.jisa.2023.103423 10.1109/TSE.2021.3087402 10.1016/j.asoc.2024.111556 10.1109/ICSE48619.2023.00022 10.1145/3597503.3623345 10.1145/3422622 10.1109/TIFS.2024.3374219 10.1109/TSE.2018.2877612 10.1016/j.jss.2023.111706 10.1016/j.asoc.2018.04.020 10.1016/j.infsof.2021.106809 10.1109/ASE56229.2023.00181 10.1109/SEAA51224.2020.00085 10.1109/IJCNN55064.2022.9892280 10.1016/j.array.2019.100011 10.1109/MSR.2019.00016 10.1016/j.knosys.2022.108852 10.1109/ICMLA.2018.00120 10.1109/ICSE48619.2023.00088 10.1016/j.infsof.2023.107371 10.1016/j.eswa.2023.121865 10.1145/3379597.3387461 10.1109/ISSRE59848.2023.00042 10.1016/j.cose.2021.102308 10.1109/BigData59044.2023.10386771 10.1016/j.jss.2024.112014 10.1109/ICSE43902.2021.00040 10.1109/MCSoC60832.2023.00053 10.1145/3551349.3560428 10.1016/j.infsof.2024.107406 10.1016/j.cose.2022.103023 10.1016/j.infsof.2024.107453 10.1016/j.knosys.2020.106646 10.1109/ICSE48619.2023.00191 10.1016/j.cose.2023.103341 10.1016/j.infsof.2023.107219 10.1016/j.jss.2020.110616 10.1109/ICSE48619.2023.00190 10.1016/j.jss.2024.112031 10.1016/j.cose.2021.102417 10.1007/s10703-005-3401-0 10.1145/3457337.3457841 10.1145/3585386 10.1109/TSE.2022.3207149 10.1145/3106237.3117771 10.1145/3533767.3534371 10.1016/j.jss.2018.12.001 10.1049/iet-sen.2020.0084 10.1201/b20091 10.1016/j.jss.2023.111623 10.1109/TDSC.2019.2954088 10.1016/j.infsof.2021.106576 10.1016/j.infsof.2023.107168 10.1109/ESEM.2013.19 10.1016/j.jss.2023.111919 10.1038/s41598-024-56871-z 10.24963/ijcai.2017/214 10.1145/2810103.2813604 10.1109/MSR59073.2023.00018 10.1109/ACCESS.2020.3034766 10.1016/j.jss.2023.111772 10.1109/ICSE48619.2023.00129 10.1016/j.cose.2022.103017 10.1145/2420950.2421003 10.1016/j.jss.2022.111550 10.1145/1348250.1348254 10.1109/SANER53432.2022.00114 10.1145/3092566 10.1016/j.ins.2023.03.132 10.1016/j.eswa.2023.121764 10.1145/3664602 10.1007/978-3-030-68110-4_7 10.1016/j.engappai.2024.108296
ContentType	Journal Article
Copyright	Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from Copyright Association for Computing Machinery Mar 2025
Copyright_xml	– notice: Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from – notice: Copyright Association for Computing Machinery Mar 2025
DBID	AAYXX CITATION 7SC 8FD JQ2 L7M L~C L~D
DOI	10.1145/3699711
DatabaseName	CrossRef Computer and Information Systems Abstracts Technology Research Database ProQuest Computer Science Collection Advanced Technologies Database with Aerospace Computer and Information Systems Abstracts Academic Computer and Information Systems Abstracts Professional
DatabaseTitle	CrossRef Computer and Information Systems Abstracts Technology Research Database Computer and Information Systems Abstracts – Academic Advanced Technologies Database with Aerospace ProQuest Computer Science Collection Computer and Information Systems Abstracts Professional
DatabaseTitleList	CrossRef Computer and Information Systems Abstracts
DeliveryMethod	fulltext_linktorsrc
Discipline	Computer Science
DocumentTitleAlternate	A Systematic Literature Review on Automated Software Vulnerability Detection Using Machine Learning
EISSN	1557-7341
EndPage	36
ExternalDocumentID	10_1145_3699711 3699711
GroupedDBID	--Z -DZ -~X .DC 23M 4.4 5GY 5VS 6J9 85S 8US 8VB AAIKC AAKMM AALFJ AAMNW AAYFX ABPPZ ACGFO ACGOD ACM ACNCT ADBCU ADL ADMLS AEBYY AEFXT AEGXH AEJOY AEMOZ AENEX AENSD AETEA AFWIH AFWXC AGHSJ AHQJS AIAGR AIKLT AKRVB AKVCP ALMA_UNASSIGNED_HOLDINGS ASPBG AVWKF BDXCO CCLIF CS3 FEDTE GUFHI HGAVV H~9 IAO ICD IEA IGS IOF K1G LHSKQ N95 P1C P2P PQQKQ QWB RNS ROL RXW TAE TH9 U5U UKR UPT WH7 X6Y XH6 XSW XZL YXB ZCA ZL0 77I AAYXX CITATION 7SC 8FD JQ2 L7M L~C L~D
ID	FETCH-LOGICAL-a234t-6031b40bf025d371618761365bec5bed36c8941eabfea2984052b55187b52cc33
ISSN	0360-0300
IngestDate	Mon Jun 30 12:14:10 EDT 2025 Wed Oct 01 05:59:18 EDT 2025 Wed Jun 25 16:30:20 EDT 2025
IsDoiOpenAccess	true
IsOpenAccess	true
IsPeerReviewed	true
IsScholarly	true
Issue	3
Keywords	deep learning software security software bug detection Source code machine learning software vulnerability detection
Language	English
LinkModel	OpenURL
MergedId	FETCHMERGED-LOGICAL-a234t-6031b40bf025d371618761365bec5bed36c8941eabfea2984052b55187b52cc33
Notes	ObjectType-Article-1 SourceType-Scholarly Journals-1 ObjectType-Feature-2 content type line 14
ORCID	0000-0002-9941-6713 0000-0002-3063-3197 0000-0003-0484-3972 0000-0001-7533-7212 0000-0003-0617-2877 0000-0003-1358-4124
OpenAccessLink	https://dl.acm.org/doi/10.1145/3699711
PQID	3175118839
PQPubID	47570
PageCount	36
ParticipantIDs	proquest_journals_3175118839 crossref_primary_10_1145_3699711 acm_primary_3699711
ProviderPackageCode	CITATION AAYXX
PublicationCentury	2000
PublicationDate	2025-03-01
PublicationDateYYYYMMDD	2025-03-01
PublicationDate_xml	– month: 03 year: 2025 text: 2025-03-01 day: 01
PublicationDecade	2020
PublicationPlace	New York, NY
PublicationPlace_xml	– name: New York, NY – name: Baltimore
PublicationTitle	ACM computing surveys
PublicationTitleAbbrev	ACM CSUR
PublicationYear	2025
Publisher	ACM Association for Computing Machinery
Publisher_xml	– name: ACM – name: Association for Computing Machinery
References	(Bib0036) 2023; 130 (Bib0089) 2021 (Bib0148) 2023; 125 (Bib0149) 2022; 144 (Bib0154) 2024 (Bib0132) 2024; 139 (Bib0002) 2021; 213 (Bib0015) 2020; 167 (Bib0187) 2020 (Bib0091) 2023; 204 (Bib0059) 2023 (Bib0104) 2022 (Bib0174) 2023 (Bib0117) 2017 (Bib0167) 2005; 27 (Bib0019) 2020 (Bib0029) 2022 (Bib0151) 2024 (Bib0092) 2024; 238 (Bib0139) 2020; 123 (Bib0141) 2023 (Bib0134) 2023; 73 (Bib0003) 2021 (Bib0096) 2021 (Bib0053) 2023 (Bib0046) 2023 (Bib0111) 2022 (Bib0076) 2024 (Bib0159) 2022; 69 (Bib0021) 2019 (Bib0083) 2022 (Bib0056) 2019 (Bib0099) 2016 (Bib0017) 2024; 171 (Bib0057) 2024; 158 (Bib0143) 2023; 202 (Bib0157) 2024 (Bib0124) 2020; 14 (Bib0040) 2017; 50 (Bib0041) 2021; 553 (Bib0177) 2022 (Bib0137) 2022 (Bib0087) 2019; 18 (Bib0001) 2019 (Bib0033) 2020; 28 (Bib0152) 2023; 134 (Bib0055) 2006; 18 (Bib0086) 2020; 108 (Bib0106) 2024 (Bib0054) 2022 (Bib0072) 2022; 55 (Bib0063) 2021; 106 (Bib0060) 2024; 14 (Bib0070) 2018 (Bib0169) 2023 (Bib0008) 2024; 209 (Bib0067) 2019 (Bib0024) 2023 (Bib0079) 2019; 3 (Bib0098) 2024; 212 (Bib0038) 2022 (Bib0048) 2022 (Bib0122) 2014; 40 (Bib0113) 2023 (Bib0081) 2023 (Bib0090) 2021; 31 (Bib0129) 2024 (Bib0190) 2021; 30 (Bib0127) 2023; 160 (Bib0133) 2018; 21 (Bib0186) 2022; 248 (Bib0049) 2022; 134 Bib0006 (Bib0135) 2024 (Bib0173) 2020; 8 (Bib0093) 2022 (Bib0044) 2020; 63 (Bib0045) 2023; 135 (Bib0100) 2020 (Bib0010) 2021; 136 (Bib0031) 2023; 158 (Bib0158) 2024 (Bib0030) 2023; 163 (Bib0043) 2019 (Bib0014) 2019 (Bib0112) 2022 (Bib0142) 2020; 16 (Bib0039) 2024; 33 (Bib0180) 2021 (Bib0075) 2023; 26 (Bib0147) 2023 (Bib0061) 2022; 49 (Bib0107) 2020 (Bib0037) 2020 (Bib0066) 2018 (Bib0071) 2018 (Bib0077) 2023; 125 (Bib0101) 2013 (Bib0026) 2018; 47 (Bib0082) 2023 (Bib0085) 2018 (Bib0136) 2023; 199 (Bib0035) 2013 (Bib0005) 2012 (Bib0183) 2019 (Bib0163) 2013 (Bib0126) 2019; 106 (Bib0128) 2020 (Bib0016) 2023; 204 (Bib0160) 2014 (Bib0020) 2021; 30 (Bib0125) 2023 (Bib0140) 2024; 238 (Bib0153) 2021 (Bib0176) 2023; 75 (Bib0065) 2007 (Bib0120) 2023; 109 (Bib0182) 2023; 77 (Bib0105) 2023 (Bib0110) 2023 (Bib0146) 2016 (Bib0013) 2023; 202 (Bib0051) 2021; 460 (Bib0080) 2019; 3 (Bib0018) 1999; 13 (Bib0168) 2023 (Bib0078) 2021 (Bib0130) 2022 (Bib0064) 2023; 636 (Bib0175) 2024; 167 (Bib0088) 2018; 14 (Bib0188) 2022 (Bib0170) 2023 (Bib0144) 2024; 133 (Bib0095) 2020 (Bib0185) 2023 (Bib0004) 2021 (Bib0150) 2023 (Bib0042) 2007 (Bib0108) 2024; 169 (Bib0166) 2017 (Bib0165) 2022 (Bib0131) 2021; 110 (Bib0012) 2022 (Bib0007) 2023; 195 (Bib0052) 2023 (Bib0179) 2021 (Bib0172) 2021 (Bib0171) 2023; 202 (Bib0011) 2022 (Bib0032) 2024; 213 (Bib0084) 2022 (Bib0181) 2023; 160 (Bib0103) 2022 (Bib0119) 2022; 9 (Bib0068) 2024 (Bib0025) 2008; 17 (Bib0027) 2018; 47 (Bib0028) 2020 (Bib0109) 2024 (Bib0123) 2008; 39 (Bib0164) 2021; 108 (Bib0102) 2007; 42 (Bib0114) 2019; 150 (Bib0115) 2015 (Bib0162) 2011 (Bib0047) 2022; 121 (Bib0156) 2023 (Bib0058) 2021; 16 (Bib0073) 2021 (Bib0138) 2023; 132 (Bib0074) 2017 (Bib0184) 2017 (Bib0178) 2024 (Bib0118) 2018; 2 (Bib0050) 2018; 69 (Bib0189) 2019; 18 (Bib0009) 2023; 164 (Bib0034) 2019 (Bib0023) 2017 (Bib0094) 2019; 28 (Bib0069) 2019; 3 (Bib0116) 2015; 64 (Bib0155) 2022 (Bib0097) 2023 (Bib0121) 2018 (Bib0022) 2022 (Bib0161) 2012 (Bib0145) 2018; 46 (Bib0062) 2023 e_1_3_2_28_2 e_1_3_2_191_2 e_1_3_2_172_2 e_1_3_2_20_2 e_1_3_2_43_2 e_1_3_2_62_2 e_1_3_2_85_2 e_1_3_2_24_2 e_1_3_2_47_2 e_1_3_2_89_2 e_1_3_2_100_2 e_1_3_2_123_2 e_1_3_2_146_2 e_1_3_2_169_2 e_1_3_2_104_2 e_1_3_2_142_2 e_1_3_2_165_2 e_1_3_2_188_2 e_1_3_2_81_2 e_1_3_2_127_2 e_1_3_2_108_2 e_1_3_2_16_2 e_1_3_2_7_2 e_1_3_2_39_2 e_1_3_2_161_2 e_1_3_2_184_2 e_1_3_2_54_2 e_1_3_2_31_2 e_1_3_2_73_2 e_1_3_2_180_2 e_1_3_2_12_2 e_1_3_2_58_2 e_1_3_2_96_2 e_1_3_2_3_2 e_1_3_2_35_2 e_1_3_2_77_2 e_1_3_2_112_2 e_1_3_2_135_2 e_1_3_2_158_2 e_1_3_2_92_2 e_1_3_2_154_2 e_1_3_2_177_2 e_1_3_2_50_2 e_1_3_2_116_2 e_1_3_2_139_2 e_1_3_2_48_2 e_1_3_2_190_2 e_1_3_2_40_2 e_1_3_2_86_2 e_1_3_2_171_2 e_1_3_2_21_2 e_1_3_2_63_2 e_1_3_2_44_2 e_1_3_2_25_2 e_1_3_2_67_2 e_1_3_2_145_2 e_1_3_2_126_2 e_1_3_2_168_2 e_1_3_2_82_2 e_1_3_2_103_2 e_1_3_2_141_2 e_1_3_2_187_2 e_1_3_2_122_2 e_1_3_2_164_2 Dinella Elizabeth (e_1_3_2_29_2) 2020 e_1_3_2_149_2 e_1_3_2_107_2 e_1_3_2_17_2 e_1_3_2_59_2 e_1_3_2_6_2 Suciu Octavian (e_1_3_2_131_2) 2022 Schütze Hinrich (e_1_3_2_124_2) 2008 e_1_3_2_183_2 e_1_3_2_32_2 e_1_3_2_51_2 e_1_3_2_160_2 e_1_3_2_13_2 e_1_3_2_55_2 e_1_3_2_78_2 e_1_3_2_97_2 e_1_3_2_2_2 e_1_3_2_134_2 e_1_3_2_93_2 e_1_3_2_115_2 e_1_3_2_157_2 e_1_3_2_130_2 e_1_3_2_176_2 e_1_3_2_70_2 Kim Taegyu (e_1_3_2_68_2) 2019 e_1_3_2_111_2 e_1_3_2_153_2 Le Tue (e_1_3_2_72_2) 2018 e_1_3_2_138_2 Phan Anh Viet (e_1_3_2_118_2) 2017 e_1_3_2_119_2 e_1_3_2_26_2 e_1_3_2_49_2 e_1_3_2_41_2 e_1_3_2_64_2 e_1_3_2_87_2 e_1_3_2_151_2 e_1_3_2_170_2 e_1_3_2_22_2 e_1_3_2_45_2 Le Triet Huynh Minh (e_1_3_2_74_2) 2021 e_1_3_2_125_2 e_1_3_2_148_2 e_1_3_2_167_2 e_1_3_2_60_2 e_1_3_2_83_2 e_1_3_2_102_2 e_1_3_2_121_2 e_1_3_2_144_2 e_1_3_2_186_2 e_1_3_2_106_2 e_1_3_2_129_2 e_1_3_2_9_2 e_1_3_2_37_2 e_1_3_2_18_2 e_1_3_2_75_2 e_1_3_2_140_2 e_1_3_2_182_2 e_1_3_2_10_2 e_1_3_2_52_2 e_1_3_2_5_2 e_1_3_2_33_2 e_1_3_2_79_2 e_1_3_2_14_2 e_1_3_2_56_2 e_1_3_2_98_2 e_1_3_2_114_2 e_1_3_2_137_2 e_1_3_2_156_2 e_1_3_2_179_2 e_1_3_2_94_2 e_1_3_2_71_2 e_1_3_2_110_2 e_1_3_2_133_2 e_1_3_2_152_2 e_1_3_2_175_2 e_1_3_2_90_2 e_1_3_2_27_2 (e_1_3_2_36_2) 2013 e_1_3_2_150_2 e_1_3_2_173_2 e_1_3_2_65_2 e_1_3_2_42_2 e_1_3_2_84_2 e_1_3_2_23_2 e_1_3_2_69_2 e_1_3_2_46_2 e_1_3_2_88_2 e_1_3_2_147_2 e_1_3_2_189_2 e_1_3_2_61_2 e_1_3_2_120_2 e_1_3_2_166_2 e_1_3_2_80_2 e_1_3_2_101_2 e_1_3_2_143_2 e_1_3_2_185_2 e_1_3_2_109_2 e_1_3_2_105_2 e_1_3_2_128_2 e_1_3_2_15_2 e_1_3_2_38_2 e_1_3_2_8_2 e_1_3_2_19_2 Yamaguchi Fabian (e_1_3_2_163_2) 2011 e_1_3_2_30_2 e_1_3_2_53_2 e_1_3_2_76_2 e_1_3_2_99_2 e_1_3_2_162_2 (e_1_3_2_66_2) 2007 e_1_3_2_181_2 e_1_3_2_11_2 e_1_3_2_34_2 e_1_3_2_57_2 e_1_3_2_95_2 e_1_3_2_4_2 e_1_3_2_91_2 e_1_3_2_113_2 e_1_3_2_159_2 e_1_3_2_136_2 e_1_3_2_178_2 e_1_3_2_155_2 e_1_3_2_132_2 e_1_3_2_174_2 e_1_3_2_117_2
References_xml	– volume: 39 year: 2008 ident: Bib0123 publication-title: Introduction to Information Retrieval – volume: 139 start-page: 103732 year: 2024 ident: Bib0132 article-title: VDTriplet: Vulnerability detection with graph semantics using triplet model publication-title: Computers & Security – start-page: 27 year: 2023 end-page: 38 ident: Bib0053 article-title: Characterizing and understanding software security vulnerabilities in machine learning libraries publication-title: Proceedings of the 20th International Conference on Mining Software Repositories (MSR’23) – year: 2007 ident: Bib0065 publication-title: Guidelines for Performing Systematic Literature Reviews in Software Engineering – year: 2022 ident: Bib0083 article-title: VulDeeLocator: A deep learning-based fine-grained vulnerability detector publication-title: IEEE Transactions on Dependable and Secure Computing – year: 2022 ident: Bib0188 article-title: mVulPreter: A multi-granularity vulnerability detection system with interpretations publication-title: IEEE Transactions on Dependable and Secure Computing. – year: 2022 ident: Bib0155 article-title: VulCNN: An image-inspired scalable vulnerability detection system – year: 2018 ident: Bib0071 article-title: Maximal divergence sequential autoencoder for binary software vulnerability detection publication-title: Proceedings of the 2018 International Conference on Learning Representations (ICLR’18) – volume: 123 start-page: 106289 year: 2020 ident: Bib0139 article-title: BVDetector: A program slice-based binary code vulnerability intelligent detection system – volume: 18 start-page: 2224 issue: 5 year: 2019 end-page: 2236 ident: Bib0189 article-title: muVulDeePecker: A deep learning-based system for multiclass vulnerability detection publication-title: IEEE Transactions on Dependable and Secure Computing – volume: 13 start-page: 359 issue: 4 year: 1999 end-page: 394 ident: Bib0018 article-title: An empirical study of smoothing techniques for language modeling publication-title: Computer Speech & Language – volume: 238 start-page: 121764 year: 2024 ident: Bib0092 article-title: Detect software vulnerabilities with weight biases via graph neural networks publication-title: Expert Systems with Applications – volume: 160 start-page: 107219 year: 2023 ident: Bib0127 article-title: HGIVul: Detecting inter-procedural vulnerabilities based on hypergraph convolution publication-title: Information and Software Technology – volume: 69 start-page: 103293 year: 2022 ident: Bib0159 article-title: Detecting code vulnerabilities by learning from large-scale open source repositories publication-title: Journal of Information Security and Applications – volume: 75 start-page: 103484 year: 2023 ident: Bib0176 article-title: SVScanner: Detecting smart contract vulnerabilities via deep semantic extraction publication-title: Journal of Information Security and Applications – start-page: 672 year: 2022 end-page: 683 ident: Bib0111 article-title: The best of both worlds: Integrating semantic features with expert features for defect prediction and localization publication-title: Proceedings of the 30th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE’22) – year: 2023 ident: Bib0125 article-title: Smarter contracts: Detecting vulnerabilities in smart contracts with deep transfer learning publication-title: Proceedings of the 2023 Network and Distributed Security Symposium (NDSS’23) – start-page: 164 year: 2020 end-page: 177 ident: Bib0107 article-title: Deep cost-sensitive kernel machine for binary software vulnerability detection – volume: 199 start-page: 111623 year: 2023 ident: Bib0136 article-title: CSGVD: A deep learning approach combining sequence and graph embedding for source code vulnerability detection publication-title: Journal of Systems and Software – start-page: 131 year: 2023 end-page: 139 ident: Bib0141 article-title: Software vulnerability detection via doc2vec with path representations publication-title: Proceedings of the 2023 IEEE 23rd International Conference on Software Quality, Reliability, and Security Companion (QRS-C’23) – volume: 28 start-page: 1329 issue: 7 year: 2019 end-page: 1343 ident: Bib0094 article-title: DeepBalance: Deep-learning and fuzzy oversampling for vulnerability detection publication-title: IEEE Transactions on Fuzzy Systems – start-page: 112014 year: 2024 ident: Bib0106 article-title: Code-centric learning-based just-in-time vulnerability detection publication-title: Journal of Systems and Software – start-page: 1 year: 2024 end-page: 13 ident: Bib0135 article-title: GPTScan: Detecting logic vulnerabilities in smart contracts by combining GPT with program analysis publication-title: Proceedings of the 46th International Conference on Software Engineering (ICSE’24) – year: 2024 ident: Bib0157 article-title: Vulnerability detection based on enhanced graph representation learning publication-title: IEEE Transactions on Information Forensics and Security – start-page: 65 year: 2013 end-page: 74 ident: Bib0101 article-title: When a patch goes bad: Exploring the properties of vulnerability-contributing commits publication-title: Proceedings of the 2013 ACM/IEEE International Symposium on Empirical Software Engineering and Measurement (ESEM’13) – start-page: 102 year: 2020 end-page: 116 ident: Bib0037 article-title: The random neural network as a bonding model for software vulnerability prediction publication-title: Modelling, Analysis, and Simulation of Computer and Telecommunication Systems – volume: 108 start-page: 1825 issue: 10 year: 2020 end-page: 1848 ident: Bib0086 article-title: Software vulnerability detection using deep neural networks: A survey publication-title: Proceedings of the IEEE – year: 2022 ident: Bib0112 article-title: Open science in software engineering: A study on deep learning-based vulnerability detection publication-title: IEEE Transactions on Software Engineering – volume: 9 issue: 1 year: 2022 ident: Bib0119 article-title: Threat and vulnerability management life cycle in operating systems: A systematic review publication-title: Journal of Multidisciplinary Engineering Science and Technology – volume: 2 start-page: Article 147, 25 pages issue: OOPSLA year: 2018 ident: Bib0118 article-title: DeepBugs: A learning approach to name-based bug detection publication-title: Proceedings of the ACM on Programming Languages – volume: 144 start-page: 106809 year: 2022 ident: Bib0149 article-title: VUDENC: Vulnerability detection with deep learning on a natural codebase for Python publication-title: Information and Software Technology – volume: 16 start-page: 2144 year: 2021 end-page: 2156 ident: Bib0058 article-title: Hunting vulnerable smart contracts via graph embedding based bytecode matching publication-title: IEEE Transactions on Information Forensics and Security – volume: 64 start-page: 1 year: 2015 end-page: 18 ident: Bib0116 article-title: Guidelines for conducting systematic mapping studies in software engineering: An update publication-title: Information and Software Technology – year: 2018 ident: Bib0085 article-title: VulDeePecker: A deep learning-based system for vulnerability detection publication-title: Proceedings of the 2018 Network and Distributed Systems Security Symposium (NDSS’18). – volume: 125 start-page: 103023 year: 2023 ident: Bib0148 article-title: BinVulDet: Detecting vulnerability in binary program via decompiled pseudo code and BiLSTM-attention publication-title: Computers & Security – start-page: 757 year: 2018 end-page: 762 ident: Bib0121 article-title: Automated vulnerability detection in source code using deep representation learning publication-title: Proceedings of the 2018 17th IEEE International Conference on Machine Learning and Applications (ICMLA’18) – volume: 47 start-page: 67 issue: 1 year: 2018 end-page: 85 ident: Bib0027 article-title: Automatic feature learning for predicting vulnerable software components publication-title: IEEE Transactions on Software Engineering – volume: 8 start-page: 197158 year: 2020 end-page: 197172 ident: Bib0173 article-title: Software vulnerability analysis and discovery using deep learning techniques: A survey publication-title: IEEE Access – start-page: 717 year: 2021 end-page: 729 ident: Bib0073 article-title: DeepCVA: Automated commit-level vulnerability assessment with deep multi-task learning publication-title: Proceedings of the 36th IEEE/ACM International Conference on Automated Software Engineering (ASE’21) – volume: 109 start-page: 108766 year: 2023 ident: Bib0120 article-title: Smart contract vulnerability detection based on a semantic code structure and a self-designed neural network publication-title: Computers and Electrical Engineering – volume: 30 start-page: 1 issue: 2 year: 2021 end-page: 31 ident: Bib0190 article-title: Interpreting deep learning-based vulnerability detector predictions based on heuristic searching publication-title: ACM Transactions on Software Engineering and Methodology – start-page: 1 year: 2022 end-page: 10 ident: Bib0104 article-title: MANDO: Multi-level heterogeneous graph embeddings for fine-grained detection of smart contract vulnerabilities publication-title: Proceedings of the 2022 IEEE 9th International Conference on Data Science and Advanced Analytics (DSAA’22) – start-page: 1 year: 2024 end-page: 13 ident: Bib0129 article-title: Dataflow analysis-inspired deep learning for efficient vulnerability detection publication-title: Proceedings of the 46th International Conference on Software Engineering (ICSE’24) – start-page: 3252 year: 2019 end-page: 3259 ident: Bib0001 article-title: Can machine/deep learning classifiers detect zero-day malware with high accuracy? publication-title: Proceedings of the 2019 IEEE International Conference on Big Data (Big Data’19) – start-page: 519 year: 2022 end-page: 531 ident: Bib0022 article-title: Path-sensitive code embedding via contrastive learning for software vulnerability detection publication-title: Proceedings of the 31st ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA’22) – start-page: 47 year: 2021 end-page: 59 ident: Bib0004 article-title: Eth2Vec: Learning contract-wide code representations for vulnerability detection on Ethereum smart contracts publication-title: Proceedings of the 3rd ACM International Symposium on Blockchain and Secure Critical Infrastructure (BSCI’21) – year: 2021 ident: Bib0096 article-title: Smart contract vulnerability detection: From pure neural network to interpretable graph feature and expert pattern fusion publication-title: Proceedings of the 30th International Joint Conference on Artificial Intelligence (IJCAI’21) – year: 2022 ident: Bib0038 article-title: LineVul: A transformer-based line-level vulnerability prediction – start-page: 1024 year: 2023 end-page: 1036 ident: Bib0081 article-title: Commit-level, neural vulnerability detection and assessment publication-title: Proceedings of the 31st ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE’23) – start-page: 957 year: 2023 end-page: 969 ident: Bib0113 article-title: Fine-grained commit-level vulnerability type prediction by CWE tree structure publication-title: Proceedings of the 45th International Conference on Software Engineering (ICSE’23) – volume: 63 start-page: 139 issue: 11 year: 2020 end-page: 144 ident: Bib0044 article-title: Generative adversarial networks publication-title: Communications of the ACM – volume: 40 start-page: 993 issue: 10 year: 2014 end-page: 1006 ident: Bib0122 article-title: Predicting vulnerable software components via text mining publication-title: IEEE Transactions on Software Engineering – volume: 47 start-page: 67 issue: 1 year: 2018 end-page: 85 ident: Bib0026 article-title: Automatic feature learning for predicting vulnerable software components publication-title: IEEE Transactions on Software Engineering – volume: 460 start-page: 309 year: 2021 end-page: 330 ident: Bib0051 article-title: Analysis and modeling conditional mutual dependency of metrics in software defect prediction using latent variables publication-title: Neurocomputing – volume: 202 start-page: 111699 year: 2023 ident: Bib0171 article-title: Optimizing smart contract vulnerability detection via multi-modality code and entropy embedding publication-title: Journal of Systems and Software – start-page: 69 year: 2021 end-page: 79 ident: Bib0172 article-title: GCN2defect: Graph convolutional networks for SMOTETomek-based software defect prediction publication-title: Proceedings of the 2021 IEEE 32nd International Symposium on Software Reliability Engineering (ISSRE’21) – volume: 202 start-page: 111706 year: 2023 ident: Bib0143 article-title: LCVD: Loop-oriented code vulnerability detection via graph neural network publication-title: Journal of Systems and Software – volume: 212 start-page: 112031 year: 2024 ident: Bib0098 article-title: GRACE: Empowering LLM-based software vulnerability detection with graph structure and in-context learning publication-title: Journal of Systems and Software – year: 2020 ident: Bib0028 article-title: Hoppity: Learning graph transformations to detect and fix bugs in programs publication-title: Proceedings of the 2020 International Conference on Learning Representations (ICLR’20) – volume: 69 start-page: 516 year: 2018 end-page: 527 ident: Bib0050 article-title: Mixture of latent multinomial naive Bayes classifier publication-title: Applied Soft Computing – start-page: 292 year: 2021 end-page: 303 ident: Bib0078 article-title: Vulnerability detection with fine-grained interpretations publication-title: Proceedings of the 29th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE’21) – start-page: 513 year: 2020 end-page: 516 ident: Bib0128 article-title: Using machine learning to identify code fragments for manual review publication-title: Proceedings of the 2020 46th Euromicro Conference on Software Engineering and Advanced Applications (SEAA’20) – volume: 204 start-page: 111775 year: 2023 ident: Bib0091 article-title: Vulnerable smart contract function locating based on multi-relational nested graph convolutional network publication-title: Journal of Systems and Software – volume: 238 start-page: 121865 year: 2024 ident: Bib0140 article-title: Enhancing vulnerability detection via AST decomposition and neural sub-tree encoding publication-title: Expert Systems with Applications – volume: 167 start-page: 110616 year: 2020 ident: Bib0015 article-title: An automatic software vulnerability classification framework using term frequency-inverse gravity moment and feature selection publication-title: Journal of Systems and Software – start-page: 2262 year: 2023 end-page: 2274 ident: Bib0170 article-title: Enhancing deep learning-based vulnerability detection by building behavior graph model publication-title: Proceedings of the 45th International Conference on Software Engineering (ICSE’23) – start-page: 27865 year: 2021 end-page: 27876 ident: Bib0003 article-title: Self-supervised bug detection and repair – year: 2016 ident: Bib0099 publication-title: Software Quality Assurance: Integrating Testing, Security, and Audit – volume: 163 year: 2023 ident: Bib0030 article-title: DeKeDVer: A deep learning-based multi-type software vulnerability classification framework using vulnerability description and source code publication-title: Information and Software Technology – volume: 21 start-page: 1744 issue: 2 year: 2018 end-page: 1772 ident: Bib0133 article-title: Data-driven cybersecurity incident prediction: A survey publication-title: IEEE Communications Surveys & Tutorials – start-page: 1 year: 2018 end-page: 10 ident: Bib0070 article-title: Discovering software vulnerabilities using data-flow analysis and machine learning publication-title: Proceedings of the 13th International Conference on Availability, Reliability, and Security (ARES’18) – volume: 132 start-page: 103341 year: 2023 ident: Bib0138 article-title: Vulnerability detection through cross-modal feature enhancement and fusion publication-title: Computers & Security – volume: 213 start-page: 112039 year: 2024 ident: Bib0032 article-title: A vulnerability severity prediction method based on bimodal data and multi-task learning publication-title: Journal of Systems and Software – volume: 209 start-page: 111919 year: 2024 ident: Bib0008 article-title: Fine-grained smart contract vulnerability detection by heterogeneous code feature learning and automated dataset construction publication-title: Journal of Systems and Software – start-page: 312 year: 2023 end-page: 316 ident: Bib0046 article-title: Reentrancy vulnerability detection based on graph convolutional networks and expert patterns publication-title: Proceedings of the 2023 IEEE 16th International Symposium on Embedded Multicore/Many-Core Systems-on-Chip (MCSoC’23) – start-page: 499 year: 2013 end-page: 510 ident: Bib0163 article-title: Chucky: Exposing missing checks in source code for vulnerability discovery publication-title: Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security (CCS’13) – start-page: 110238 year: 2024 ident: Bib0178 article-title: DA-GNN: A smart contract vulnerability detection method based on dual attention graph neural network publication-title: Computer Networks – year: 2022 ident: Bib0084 article-title: SySeVR: A framework for using deep learning to detect software vulnerabilities publication-title: IEEE Transactions on Dependable and Secure Computing – start-page: 914 year: 2017 end-page: 919 ident: Bib0184 article-title: Automated identification of security issues from commit messages and bug reports publication-title: Proceedings of the 2017 11th ACM Joint Meeting on Foundations of Software Engineering (FSE’17) – volume: 158 year: 2023 ident: Bib0031 article-title: SedSVD: Statement-level software vulnerability detection based on relational graph convolutional network with subgraph embedding publication-title: Information and Software Technology – start-page: 1 year: 2007 ident: Bib0042 article-title: Random testing for security: Blackbox vs. whitebox fuzzing publication-title: Proceedings of the 2nd International Conference on Random Testing, Co-Located with the 22nd IEEE/ACM International Conference on Automated Software Engineering (ASE’07) – start-page: 590 year: 2014 end-page: 604 ident: Bib0160 article-title: Modeling and discovering vulnerabilities with code property graphs publication-title: Proceedings of the 2014 IEEE Symposium on Security and Privacy doi: 10.1109/SP.2014.44 – volume: 3 start-page: 30 year: 2019 ident: Bib0079 article-title: Improving bug detection via context-based code representation learning and attention-based neural networks publication-title: Proceedings of the ACM on Programming Languages doi: 10.1145/3360588 – start-page: 274 year: 2022 end-page: 282 ident: Bib0093 article-title: CPGBERT: An effective model for defect detection by learning program semantics via code property graph publication-title: Proceedings of the 2022 IEEE International Conference on Trust, Security, and Privacy in Computing and Communications (TrustCom’22) – year: 2020 ident: Bib0095 article-title: CD-VulD: Cross-domain vulnerability discovery based on deep domain adaptation publication-title: IEEE Transactions on Dependable and Secure Computing – volume: 110 start-page: 102417 year: 2021 ident: Bib0131 article-title: VDSimilar: Vulnerability detection based on code similarity of vulnerabilities and patches publication-title: Computers & Security – start-page: 378 year: 2021 end-page: 389 ident: Bib0153 article-title: Peculiar: Smart contract vulnerability detection based on crucial data flow graph and pre-training techniques publication-title: Proceedings of the 2021 IEEE 32nd International Symposium on Software Reliability Engineering (ISSRE’21) – volume: 202 start-page: 111705 year: 2023 ident: Bib0013 article-title: Smart contract vulnerability detection based on semantic graph and residual graph convolutional networks with edge attention publication-title: Journal of Systems and Software – volume: 16 start-page: 1943 year: 2020 end-page: 1958 ident: Bib0142 article-title: Combining graph-based learning with automated data collection for code vulnerability detection publication-title: IEEE Transactions on Information Forensics and Security – year: 2017 ident: Bib0023 article-title: End-to-end prediction of buffer overruns from raw source code via neural memory networks publication-title: Proceedings of the 26th International Joint Conference on Artificial Intelligence (IJCAI’17) – start-page: 425 year: 2019 end-page: 442 ident: Bib0067 article-title: RVFuzzer: Finding input validation bugs in robotic vehicles through control-guided testing publication-title: Proceedings of the 28th USENIX Conference on Security Symposium (SEC’19) – volume: 33 start-page: 1 issue: 5 year: 2024 end-page: 55 ident: Bib0039 article-title: sGuard+: Machine learning guided rule-based automated vulnerability repair on smart contracts publication-title: ACM Transactions on Software Engineering and Methodology – volume: 106 start-page: 102308 year: 2021 ident: Bib0063 article-title: AutoVAS: An automated vulnerability analysis system with a deep learning approach publication-title: Computers & Security – volume: 49 start-page: 44 issue: 1 year: 2022 end-page: 63 ident: Bib0061 article-title: The secret life of software vulnerabilities: A large-scale empirical study publication-title: IEEE Transactions on Software Engineering – volume: 3 year: 2019 ident: Bib0080 article-title: Improving bug detection via context-based code representation learning and attention-based neural networks publication-title: Proceedings of the ACM on Programming Languages – volume: 108 start-page: 102286 year: 2021 ident: Bib0164 article-title: HAN-BSVD: A hierarchical attention network for binary software vulnerability detection publication-title: Computers & Security – start-page: 1162 year: 2023 end-page: 1174 ident: Bib0059 article-title: An empirical study on fine-tuning large language models of code for automated program repair publication-title: Proceedings of the 2023 38th IEEE/ACM International Conference on Automated Software Engineering (ASE’23) – year: 2024 ident: Bib0154 article-title: UltraVCS: Ultra-fine-grained variable-based code slicing for automated vulnerability detection publication-title: IEEE Transactions on Information Forensics and Security – start-page: 6503 year: 2019 end-page: 6505 ident: Bib0014 article-title: VEST: A system for vulnerability exploit scoring & timing publication-title: Proceedings of the 28th International Joint Conference on Artificial Intelligence (IJCAI’19) – start-page: 4665 year: 2019 end-page: 4671 ident: Bib0034 article-title: VulSniper: Focus your attention to shoot fine-grained vulnerabilities publication-title: Proceedings of the 28th International Joint Conference on Artificial Intelligence (IJCAI’19) – volume: 636 start-page: 118907 year: 2023 ident: Bib0064 article-title: A novel extended multimodal AI framework towards vulnerability detection in smart contracts publication-title: Information Sciences – start-page: 795 year: 2023 end-page: 806 ident: Bib0052 article-title: Automatic static vulnerability detection for machine learning libraries: Are we there yet? publication-title: Proceedings of the 2023 IEEE 34th International Symposium on Software Reliability Engineering (ISSRE’23) – volume: 169 start-page: 107406 year: 2024 ident: Bib0108 article-title: Context-based statement-level vulnerability localization publication-title: Information and Software Technology – volume: 31 start-page: 1 issue: 1 year: 2021 end-page: 46 ident: Bib0090 article-title: On the reproducibility and replicability of deep learning in software engineering publication-title: ACM Transactions on Software Engineering and Methodology – volume: 125 start-page: 103017 year: 2023 ident: Bib0077 article-title: Cross-domain vulnerability detection using graph embedding and domain adaptation publication-title: Computers & Security – start-page: 1 year: 2022 end-page: 13 ident: Bib0177 article-title: Reentrancy vulnerability detection and localization: A deep learning based two-phase approach publication-title: Proceedings of the 37th IEEE/ACM International Conference on Automated Software Engineering (ASE’22) – start-page: 596 year: 2022 end-page: 607 ident: Bib0054 article-title: LineVD: Statement-level vulnerability detection using graph neural networks publication-title: Proceedings of the 19th International Conference on Mining Software Repositories (MSR’22) – start-page: 377 year: 2022 end-page: 394 ident: Bib0130 article-title: Expected exploitability: Predicting the development of functional vulnerability exploits publication-title: Proceedings of the 31st USENIX Security Symposium (Security’22) – start-page: 426 year: 2015 end-page: 437 ident: Bib0115 article-title: VCCFinder: Finding potential vulnerabilities in open-source projects to assist code audits publication-title: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security – volume: 164 start-page: 107328 year: 2023 ident: Bib0009 article-title: A software vulnerability detection method based on deep learning with complex network analysis and subgraph partition publication-title: Information and Software Technology – volume: 17 start-page: Article 8, 37 pages issue: 2 year: 2008 ident: Bib0025 article-title: DSD-Crasher: A hybrid analysis tool for bug finding publication-title: ACM Transactions on Software Engineering and Methodology – year: 2023 ident: Bib0082 article-title: VulHunter: Hunting vulnerable smart contracts at EVM bytecode-level via multiple instance learning publication-title: IEEE Transactions on Software Engineering – volume: 195 start-page: 111550 year: 2023 ident: Bib0007 article-title: Combine sliced joint graph with graph neural networks for smart contract vulnerability detection publication-title: Journal of Systems and Software – ident: Bib0006 – volume: 14 start-page: 654 issue: 6 year: 2020 end-page: 664 ident: Bib0124 article-title: Literature survey of deep learning-based vulnerability analysis on source code publication-title: IET Software – volume: 55 start-page: 1 issue: 5 year: 2022 end-page: 39 ident: Bib0072 article-title: A survey on data-driven software vulnerability assessment and prioritization publication-title: ACM Computing Surveys – start-page: 359 year: 2012 end-page: 368 ident: Bib0161 article-title: Generalized vulnerability extrapolation using abstract syntax trees publication-title: Proceedings of the 28th Annual Computer Security Applications Conference – year: 2023 ident: Bib0097 article-title: Combining graph neural networks with expert knowledge for smart contract vulnerability detection publication-title: IEEE Transactions on Knowledge and Data Engineering – start-page: 1736 year: 2022 end-page: 1740 ident: Bib0103 article-title: MANDO-GURU: Vulnerability detection for smart contract source code by heterogeneous graph embeddings publication-title: Proceedings of the 30th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE’22) – volume: 73 start-page: 103423 year: 2023 ident: Bib0134 article-title: ASSBert: Active and semi-supervised bert for smart contract vulnerability detection publication-title: Journal of Information Security and Applications – volume: 134 start-page: 103469 year: 2023 ident: Bib0152 article-title: SlicedLocator: Code vulnerability locator based on sliced dependence graph publication-title: Computers & Security – start-page: 3283 year: 2020 end-page: 3290 ident: Bib0187 article-title: Smart contract vulnerability detection using graph neural network publication-title: Proceedings of the 29th International Joint Conference on Artificial Intelligence (IJCAI’20) – year: 2011 ident: Bib0162 article-title: Vulnerability extrapolation: Assisted discovery of vulnerabilities using machine learning publication-title: Proceedings of the 5th USENIX Workshop on Offensive Technologies (WOOT’11) – volume: 3 start-page: 100011 year: 2019 ident: Bib0069 article-title: A survey on vulnerability assessment tools and databases for cloud-based web applications publication-title: Array – volume: 213 start-page: 106646 year: 2021 ident: Bib0002 article-title: Multi independent latent component extension of naive Bayes classifier publication-title: Knowledge-Based Systems – start-page: 34 year: 2019 end-page: 45 ident: Bib0056 article-title: DeepJIT: An end-to-end deep learning framework for just-in-time defect prediction publication-title: Proceedings of the 16th International Conference on Mining Software Repositories (MSR’19) – start-page: 457 year: 2021 end-page: 467 ident: Bib0180 article-title: Vu1SPG: Vulnerability detection based on slice property graph representation learning publication-title: Proceedings of the 2021 IEEE 32nd International Symposium on Software Reliability Engineering (ISSRE’21) – volume: 42 start-page: 89 issue: 6 year: 2007 end-page: 100 ident: Bib0102 article-title: Valgrind: A framework for heavyweight dynamic binary instrumentation publication-title: ACM SIGPLAN Notices – volume: 14 start-page: 3289 issue: 7 year: 2018 end-page: 3297 ident: Bib0088 article-title: Cross-project transfer representation learning for vulnerable function discovery publication-title: IEEE Transactions on Industrial Informatics – volume: 150 start-page: 22 year: 2019 end-page: 36 ident: Bib0114 article-title: Fine-grained just-in-time defect prediction publication-title: Journal of Systems and Software – volume: 130 start-page: 103247 year: 2023 ident: Bib0036 article-title: VDoTR: Vulnerability detection based on tensor representation of comprehensive code graphs publication-title: Computers & Security – year: 2023 ident: Bib0156 article-title: Automated program repair in the era of large pre-trained language models publication-title: Proceedings of the 45th International Conference on Software Engineering (ICSE’23) – start-page: 1 year: 2023 end-page: 6 ident: Bib0062 article-title: Multi-objective approach for detecting vulnerabilities in Ethereum smart contracts publication-title: Proceedings of the 2023 International Conference on Emerging Trends in Networks and Computer Communications (ETNCC’23) – start-page: 103787 year: 2024 ident: Bib0068 article-title: A multi-type vulnerability detection framework with parallel perspective fusion and hierarchical feature enhancement publication-title: Computers & Security – start-page: 959 year: 2022 end-page: 970 ident: Bib0029 article-title: VELVET: A noVel Ensemble Learning approach to automatically locate VulnErable sTatements publication-title: Proceedings of the 2022 IEEE International Conference on Software Analysis, Evolution, and Reengineering (SANER’22) – start-page: 2369 year: 2023 end-page: 2376 ident: Bib0168 article-title: SmartDT: An effective vulnerability detection system of smart contracts based on deep learning publication-title: Proceedings of the 2023 IEEE International Conference on Big Data (Big Data’23) – volume: 135 start-page: 103508 year: 2023 ident: Bib0045 article-title: BinAIV: Semantic-enhanced vulnerability detection for Linux x86 binaries publication-title: Computers & Security – year: 2024 ident: Bib0151 article-title: Meta-path based attentional graph learning model for vulnerability detection publication-title: IEEE Transactions on Software Engineering – volume: 158 year: 2024 ident: Bib0057 article-title: Effective combining source code and opcode for accurate vulnerability detection of smart contracts in edge AI systems publication-title: Applied Soft Computing – start-page: 32 year: 2020 end-page: 42 ident: Bib0019 article-title: A machine learning approach for vulnerability curation publication-title: Proceedings of the 17th International Conference on Mining Software Repositories (MSR’20) – volume: 171 start-page: 107453 year: 2024 ident: Bib0017 article-title: Hybrid semantics-based vulnerability detection incorporating a temporal convolutional network and self-attention mechanism publication-title: Information and Software Technology – year: 2024 ident: Bib0076 article-title: Smart contract vulnerability detection based on automated feature extraction and feature interaction publication-title: IEEE Transactions on Knowledge and Data Engineering – start-page: 107442 year: 2024 ident: Bib0158 article-title: MSGVUL: Multi-semantic integration vulnerability detection based on relational graph convolutional neural networks publication-title: Information and Software Technology – start-page: 1 year: 2022 end-page: 8 ident: Bib0048 article-title: Vulberta: Simplified source code pre-training for vulnerability detection publication-title: Proceedings of the 2022 International Joint Conference on Neural Networks (IJCNN’22) – start-page: 457 year: 2021 end-page: 467 ident: Bib0179 article-title: Vu1SPG: Vulnerability detection based on slice property graph representation learning publication-title: Proceedings of the 2021 IEEE 32nd International Symposium on Software Reliability Engineering (ISSRE’21) – start-page: 150 year: 2022 end-page: 162 ident: Bib0137 article-title: SeVulDet: A semantics-enhanced learnable vulnerability detector publication-title: Proceedings of the 2022 52nd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN’22) – volume: 136 start-page: 106576 year: 2021 ident: Bib0010 article-title: BGNN4VD: Constructing bidirectional graph neural-network for vulnerability detection publication-title: Information and Software Technology – volume: 134 start-page: 303 year: 2022 end-page: 318 ident: Bib0049 article-title: Proximal instance aggregator networks for explainable security vulnerability detection publication-title: Future Generation Computer Systems – year: 2022 ident: Bib0012 article-title: Deep learning based vulnerability detection: Are we there yet publication-title: IEEE Transactions on Software Engineering – volume: 50 start-page: 1 issue: 4 year: 2017 end-page: 36 ident: Bib0040 article-title: Software vulnerability analysis and discovery using machine-learning and data-mining techniques: A survey publication-title: ACM Computing Surveys – volume: 121 start-page: 102823 year: 2022 ident: Bib0047 article-title: HyVulDect: A hybrid semantic vulnerability mining system based on graph neural network publication-title: Computers & Security – year: 2024 ident: Bib0109 article-title: Deep domain adaptation with max-margin principle for cross-project imbalanced software vulnerability detection publication-title: ACM Transactions on Software Engineering and Methodology – year: 2019 ident: Bib0183 article-title: Devign: Effective vulnerability identification by learning comprehensive program semantics via graph neural networks publication-title: Proceedings of the 33rd Conference on Neural Information Processing Systems (NeurIPS’19). – start-page: 2275 year: 2023 end-page: 2286 ident: Bib0150 article-title: Vulnerability detection with graph simplification and enhanced graph representation learning publication-title: Proceedings of the 45th International Conference on Software Engineering (ICSE’23) – volume: 553 start-page: 189 year: 2021 end-page: 207 ident: Bib0041 article-title: Neural software vulnerability analysis using rich intermediate graph representations of programs publication-title: Information Sciences – start-page: 121 year: 2023 end-page: 133 ident: Bib0024 article-title: Data quality for software vulnerability datasets publication-title: Proceedings of the 45th International Conference on Software Engineering (ICSE’23) – year: 2013 ident: Bib0035 publication-title: Infer – volume: 18 start-page: 1527 issue: 7 year: 2006 end-page: 1554 ident: Bib0055 article-title: A fast learning algorithm for deep belief nets publication-title: Neural Computation – volume: 106 start-page: 142 year: 2019 end-page: 160 ident: Bib0126 article-title: Automatically identifying code features for software defect prediction: Using AST n-grams publication-title: Information and Software Technology – volume: 160 start-page: 107246 year: 2023 ident: Bib0181 article-title: A multitype software buffer overflow vulnerability prediction method based on a software graph structure and a self-attentive graph neural network publication-title: Information and Software Technology – start-page: 568 year: 2023 end-page: 577 ident: Bib0185 article-title: GraBit: A sequential model-based framework for smart contract vulnerability detection publication-title: Proceedings of the 2023 IEEE 34th International Symposium on Software Reliability Engineering (ISSRE’23) – start-page: 457 year: 2022 end-page: 464 ident: Bib0165 article-title: Source code vulnerability detection using vulnerability dependency representation graph publication-title: Proceedings of the 2022 IEEE International Conference on Trust, Security, and Privacy in Computing and Communications (TrustCom’22) – volume: 14 issue: 1 year: 2024 ident: Bib0060 article-title: Vulnerability detection in Java source code using a quantum convolutional neural network with self-attentive pooling, deep sequence, and graph-based hybrid feature extraction publication-title: Scientific Reports – start-page: 31 year: 2019 end-page: 40 ident: Bib0043 article-title: Joint prediction of multiple vulnerability characteristics through multi-task learning publication-title: Proceedings of the 2019 24th International Conference on Engineering and Complex Computer Systems (ICECCS’19) – start-page: 3 year: 2018 end-page: 32 ident: Bib0066 article-title: Review into state of the art of vulnerability assessment using artificial intelligence publication-title: Guide to Vulnerability Analysis for Computer Networks and Systems – start-page: 45 year: 2017 end-page: 52 ident: Bib0117 article-title: Convolutional neural networks over control flow graphs for software defect prediction publication-title: Proceedings of the 2017 IEEE 29th International Conference on Tools with Artificial Intelligence (ICTAI’17) – start-page: 318 year: 2017 end-page: 328 ident: Bib0074 article-title: Software defect prediction via convolutional neural network publication-title: Proceedings of the 2017 IEEE International Conference on Software Quality, Reliability, and Security (QRS’17) – start-page: 4651 year: 2020 end-page: 4656 ident: Bib0100 article-title: Explainable software vulnerability detection based on attention-based bidirectional recurrent neural networks publication-title: Proceedings of the 2020 IEEE International Conference on Big Data (Big Data’20) – volume: 167 start-page: 107371 year: 2024 ident: Bib0175 article-title: Vulnerability detection based on federated learning publication-title: Information and Software Technology – start-page: 833 year: 2012 end-page: 844 ident: Bib0005 article-title: Before we knew it: An empirical study of zero-day attacks in the real world publication-title: Proceedings of the 2012 ACM Conference on Computer and Communications Security (CCCS’12) – volume: 27 start-page: 313 year: 2005 end-page: 334 ident: Bib0167 article-title: Using static analysis to reduce dynamic analysis overhead publication-title: Formal Methods in System Design – year: 2023 ident: Bib0174 article-title: CPVD: Cross project vulnerability detection based on graph attention network and domain adaptation publication-title: IEEE Transactions on Software Engineering – start-page: 1911 year: 2023 end-page: 1918 ident: Bib0110 article-title: Function-level vulnerability detection through fusing multi-modal knowledge publication-title: Proceedings of the 2023 IEEE/ACM International Conference on Automated Software Engineering (ASE’23) – volume: 204 start-page: 111772 year: 2023 ident: Bib0016 article-title: BiTCN_DRSN: An effective software vulnerability detection model based on an improved temporal convolutional network publication-title: Journal of Systems and Software – start-page: 41 year: 2019 end-page: 50 ident: Bib0021 article-title: Static detection of control-flow-related vulnerabilities using graph embedding publication-title: Proceedings of the 2019 24th International Conference on Engineering and Complex Computer Systems (ICECCS’19) – start-page: 324 year: 2021 end-page: 335 ident: Bib0089 article-title: Traceability transformed: Generating more accurate links with pre-trained BERT models publication-title: Proceedings of the 43rd International Conference on Software Engineering (ICSE’21) – volume: 77 start-page: 103555 year: 2023 ident: Bib0182 article-title: Smart contracts vulnerability detection model based on adversarial multi-task learning publication-title: Journal of Information Security and Applications – volume: 30 start-page: 1 issue: 3 year: 2021 end-page: 33 ident: Bib0020 article-title: DeepWukong: Statically detecting software vulnerabilities using deep graph neural network publication-title: ACM Transactions on Software Engineering and Methodology – start-page: 556 year: 2023 end-page: 567 ident: Bib0169 article-title: PSCVFinder: A prompt-tuning based framework for smart contract vulnerability detection publication-title: Proceedings of the 2023 IEEE 34th International Symposium on Software Reliability Engineering (ISSRE’23) – volume: 248 start-page: 108852 year: 2022 ident: Bib0186 article-title: Just-in-time defect prediction based on AST change embedding publication-title: Knowledge-Based Systems – volume: 28 start-page: 39 issue: 1 year: 2020 end-page: 57 ident: Bib0033 article-title: Cross-project bug type prediction based on transfer learning publication-title: Software Quality Journal – volume: 26 start-page: 1 issue: 3 year: 2023 end-page: 25 ident: Bib0075 article-title: VulANalyzeR: Explainable binary vulnerability detection with multi-task learning and attentional graph convolution publication-title: ACM Transactions on Privacy and Security – volume: 18 start-page: 2469 issue: 5 year: 2019 end-page: 2485 ident: Bib0087 article-title: Software vulnerability discovery via learning multi-domain knowledge bases publication-title: IEEE Transactions on Dependable and Secure Computing – start-page: 1 year: 2017 end-page: 7 ident: Bib0166 article-title: VulDigger: A just-in-time and cost-aware tool for digging vulnerability-contributing changes publication-title: Proceedings of the 2017 IEEE Global Communications Conference (GLOBECOM’17) – start-page: 1456 year: 2022 end-page: 1468 ident: Bib0011 article-title: MVD: Memory-related vulnerability detection based on flow-sensitive graph neural networks publication-title: Proceedings of the 44th International Conference on Software Engineering (ICSE’22) – start-page: 334 year: 2023 end-page: 346 ident: Bib0105 article-title: MANDO-HGT: Heterogeneous graph transformers for smart contract vulnerability detection publication-title: Proceedings of the 20th International Conference on Mining Software Repositories (MSR’23) – start-page: 297 year: 2016 end-page: 308 ident: Bib0146 article-title: Automatically learning semantic features for defect prediction publication-title: Proceedings of the 38th International Conference on Software Engineering (ICSE’16) – volume: 133 start-page: 108296 year: 2024 ident: Bib0144 article-title: Graph confident learning for software vulnerability detection publication-title: Engineering Applications of Artificial Intelligence – start-page: 2249 year: 2023 end-page: 2261 ident: Bib0147 article-title: DeepVD: Toward class-separation features for neural network vulnerability detection publication-title: Proceedings of the 45th International Conference on Software Engineering (ICSE’23) – volume: 46 start-page: 1267 issue: 12 year: 2018 end-page: 1293 ident: Bib0145 article-title: Deep semantic feature learning for software defect prediction publication-title: IEEE Transactions on Software Engineering – start-page: 425 volume-title: Proceedings of the 28th USENIX Conference on Security Symposium (SEC’19) year: 2019 ident: e_1_3_2_68_2 – ident: e_1_3_2_103_2 doi: 10.1145/1273442.1250746 – ident: e_1_3_2_112_2 doi: 10.1145/3540250.3549165 – ident: e_1_3_2_190_2 – ident: e_1_3_2_101_2 doi: 10.1109/BigData50022.2020.9377803 – start-page: 717 volume-title: Proceedings of the 36th IEEE/ACM International Conference on Automated Software Engineering (ASE’21) year: 2021 ident: e_1_3_2_74_2 – ident: e_1_3_2_96_2 doi: 10.1109/TDSC.2020.2984505 – ident: e_1_3_2_56_2 doi: 10.1162/neco.2006.18.7.1527 – ident: e_1_3_2_10_2 doi: 10.1016/j.infsof.2023.107328 – ident: e_1_3_2_34_2 doi: 10.1007/s11219-019-09467-0 – ident: e_1_3_2_138_2 doi: 10.1109/DSN53405.2022.00026 – ident: e_1_3_2_89_2 doi: 10.1109/TII.2018.2821768 – ident: e_1_3_2_111_2 doi: 10.1109/ASE56229.2023.00084 – ident: e_1_3_2_136_2 doi: 10.1145/3597503.3639117 – ident: e_1_3_2_160_2 doi: 10.1016/j.jisa.2022.103293 – ident: e_1_3_2_142_2 doi: 10.1109/QRS-C60940.2023.00078 – ident: e_1_3_2_50_2 doi: 10.1016/j.future.2022.04.008 – ident: e_1_3_2_94_2 doi: 10.1109/TrustCom56396.2022.00046 – ident: e_1_3_2_95_2 – ident: e_1_3_2_186_2 doi: 10.1109/ISSRE59848.2023.00024 – ident: e_1_3_2_40_2 doi: 10.1145/3641846 – ident: e_1_3_2_42_2 doi: 10.1016/j.ins.2020.11.053 – ident: e_1_3_2_83_2 doi: 10.1109/TSE.2023.3317209 – ident: e_1_3_2_63_2 doi: 10.1109/ETNCC59188.2023.10284955 – ident: e_1_3_2_27_2 doi: 10.1109/TSE.2018.2881961 – ident: e_1_3_2_87_2 doi: 10.1109/JPROC.2020.2993293 – ident: e_1_3_2_183_2 doi: 10.1016/j.jisa.2023.103555 – ident: e_1_3_2_80_2 doi: 10.1145/3360588 – ident: e_1_3_2_106_2 doi: 10.1109/MSR59073.2023.00052 – ident: e_1_3_2_126_2 doi: 10.14722/ndss.2023.23263 – ident: e_1_3_2_156_2 – volume-title: Guidelines for Performing Systematic Literature Reviews in Software Engineering year: 2007 ident: e_1_3_2_66_2 – ident: e_1_3_2_158_2 doi: 10.1109/TIFS.2024.3392536 – ident: e_1_3_2_77_2 doi: 10.1109/TKDE.2023.3333371 – ident: e_1_3_2_79_2 doi: 10.1145/3468264.3468597 – start-page: 45 volume-title: Proceedings of the 2017 IEEE 29th International Conference on Tools with Artificial Intelligence (ICTAI’17) year: 2017 ident: e_1_3_2_118_2 – ident: e_1_3_2_84_2 doi: 10.1109/TDSC.2021.3076142 – ident: e_1_3_2_127_2 doi: 10.1016/j.infsof.2018.10.001 – ident: e_1_3_2_22_2 doi: 10.1109/ICECCS.2019.00012 – ident: e_1_3_2_85_2 doi: 10.1109/TDSC.2021.3051525 – ident: e_1_3_2_152_2 doi: 10.1109/TSE.2023.3340267 – ident: e_1_3_2_67_2 doi: 10.1007/978-3-319-92624-7_1 – ident: e_1_3_2_43_2 doi: 10.1145/1292414.1292416 – ident: e_1_3_2_191_2 doi: 10.1145/3429444 – ident: e_1_3_2_166_2 doi: 10.1109/TrustCom56396.2022.00070 – ident: e_1_3_2_189_2 – ident: e_1_3_2_37_2 doi: 10.1016/j.cose.2023.103247 – ident: e_1_3_2_69_2 doi: 10.1016/j.cose.2024.103787 – ident: e_1_3_2_119_2 doi: 10.1145/3276517 – ident: e_1_3_2_121_2 doi: 10.1016/j.compeleceng.2023.108766 – ident: e_1_3_2_164_2 doi: 10.1145/2508859.2516665 – ident: e_1_3_2_175_2 doi: 10.1109/TSE.2023.3285910 – ident: e_1_3_2_52_2 doi: 10.1016/j.neucom.2021.05.043 – ident: e_1_3_2_172_2 doi: 10.1016/j.jss.2023.111699 – start-page: 377 volume-title: Proceedings of the 31st USENIX Security Symposium (Security’22) year: 2022 ident: e_1_3_2_131_2 – ident: e_1_3_2_35_2 doi: 10.24963/ijcai.2019/648 – ident: e_1_3_2_48_2 doi: 10.1016/j.cose.2022.102823 – ident: e_1_3_2_147_2 doi: 10.1145/2884781.2884804 – ident: e_1_3_2_6_2 doi: 10.1145/2382196.2382284 – ident: e_1_3_2_170_2 doi: 10.1109/ISSRE59848.2023.00030 – ident: e_1_3_2_184_2 – ident: e_1_3_2_104_2 doi: 10.1145/3540250.3558927 – ident: e_1_3_2_154_2 doi: 10.1109/ISSRE52982.2021.00047 – ident: e_1_3_2_133_2 doi: 10.1016/j.cose.2024.103732 – ident: e_1_3_2_177_2 doi: 10.1016/j.jisa.2023.103484 – ident: e_1_3_2_55_2 doi: 10.1145/3524842.3527949 – ident: e_1_3_2_108_2 doi: 10.1007/978-3-030-47436-2_13 – volume-title: Proceedings of the 5th USENIX Workshop on Offensive Technologies (WOOT’11) year: 2011 ident: e_1_3_2_163_2 – ident: e_1_3_2_62_2 doi: 10.1109/TSE.2022.3140868 – ident: e_1_3_2_159_2 doi: 10.1016/j.infsof.2024.107442 – ident: e_1_3_2_140_2 doi: 10.1016/j.infsof.2020.106289 – ident: e_1_3_2_14_2 doi: 10.1016/j.jss.2023.111705 – ident: e_1_3_2_179_2 doi: 10.1016/j.comnet.2024.110238 – ident: e_1_3_2_46_2 doi: 10.1016/j.cose.2023.103508 – ident: e_1_3_2_21_2 doi: 10.1145/3436877 – ident: e_1_3_2_134_2 doi: 10.1109/COMST.2018.2885561 – ident: e_1_3_2_165_2 doi: 10.1016/j.cose.2021.102286 – ident: e_1_3_2_143_2 doi: 10.1109/TIFS.2020.3044773 – ident: e_1_3_2_173_2 doi: 10.1109/ISSRE52982.2021.00020 – ident: e_1_3_2_161_2 doi: 10.1109/SP.2014.44 – ident: e_1_3_2_117_2 doi: 10.1016/j.infsof.2015.03.007 – ident: e_1_3_2_31_2 doi: 10.1016/j.infsof.2023.107290 – ident: e_1_3_2_59_2 doi: 10.1109/TIFS.2021.3050051 – ident: e_1_3_2_73_2 doi: 10.1145/3529757 – ident: e_1_3_2_97_2 – ident: e_1_3_2_12_2 doi: 10.1145/3510003.3510219 – ident: e_1_3_2_167_2 doi: 10.1109/GLOCOM.2017.8254428 – ident: e_1_3_2_28_2 doi: 10.1109/TSE.2018.2881961 – ident: e_1_3_2_82_2 doi: 10.1145/3611643.3616346 – ident: e_1_3_2_148_2 doi: 10.1109/ICSE48619.2023.00189 – ident: e_1_3_2_105_2 doi: 10.1109/DSAA54385.2022.10032337 – ident: e_1_3_2_92_2 doi: 10.1016/j.jss.2023.111775 – ident: e_1_3_2_15_2 doi: 10.24963/ijcai.2019/937 – ident: e_1_3_2_91_2 doi: 10.1145/3477535 – ident: e_1_3_2_153_2 doi: 10.1016/j.cose.2023.103469 – ident: e_1_3_2_44_2 doi: 10.1109/ICECCS.2019.00011 – volume-title: Proceedings of the 2020 International Conference on Learning Representations (ICLR’20) year: 2020 ident: e_1_3_2_29_2 – ident: e_1_3_2_75_2 doi: 10.1109/QRS.2017.42 – ident: e_1_3_2_71_2 doi: 10.1145/3230833.3230856 – ident: e_1_3_2_2_2 doi: 10.1109/BigData47090.2019.9006514 – ident: e_1_3_2_33_2 doi: 10.1016/j.jss.2024.112039 – ident: e_1_3_2_188_2 doi: 10.24963/ijcai.2020/454 – ident: e_1_3_2_182_2 doi: 10.1016/j.infsof.2023.107246 – ident: e_1_3_2_181_2 doi: 10.1109/ISSRE52982.2021.00054 – ident: e_1_3_2_123_2 doi: 10.1109/TSE.2014.2340398 – ident: e_1_3_2_19_2 doi: 10.1006/csla.1999.0128 – ident: e_1_3_2_135_2 doi: 10.1016/j.jisa.2023.103423 – ident: e_1_3_2_120_2 – ident: e_1_3_2_7_2 – ident: e_1_3_2_81_2 doi: 10.1145/3360588 – ident: e_1_3_2_13_2 doi: 10.1109/TSE.2021.3087402 – ident: e_1_3_2_58_2 doi: 10.1016/j.asoc.2024.111556 – ident: e_1_3_2_25_2 doi: 10.1109/ICSE48619.2023.00022 – volume-title: Proceedings of the 2018 International Conference on Learning Representations (ICLR’18) year: 2018 ident: e_1_3_2_72_2 – ident: e_1_3_2_130_2 doi: 10.1145/3597503.3623345 – ident: e_1_3_2_45_2 doi: 10.1145/3422622 – ident: e_1_3_2_155_2 doi: 10.1109/TIFS.2024.3374219 – ident: e_1_3_2_146_2 doi: 10.1109/TSE.2018.2877612 – ident: e_1_3_2_144_2 doi: 10.1016/j.jss.2023.111706 – ident: e_1_3_2_39_2 – ident: e_1_3_2_51_2 doi: 10.1016/j.asoc.2018.04.020 – ident: e_1_3_2_150_2 doi: 10.1016/j.infsof.2021.106809 – ident: e_1_3_2_60_2 doi: 10.1109/ASE56229.2023.00181 – ident: e_1_3_2_129_2 doi: 10.1109/SEAA51224.2020.00085 – ident: e_1_3_2_49_2 doi: 10.1109/IJCNN55064.2022.9892280 – ident: e_1_3_2_70_2 doi: 10.1016/j.array.2019.100011 – volume-title: Introduction to Information Retrieval year: 2008 ident: e_1_3_2_124_2 – ident: e_1_3_2_57_2 doi: 10.1109/MSR.2019.00016 – ident: e_1_3_2_187_2 doi: 10.1016/j.knosys.2022.108852 – volume-title: Infer year: 2013 ident: e_1_3_2_36_2 – ident: e_1_3_2_122_2 doi: 10.1109/ICMLA.2018.00120 – ident: e_1_3_2_114_2 doi: 10.1109/ICSE48619.2023.00088 – ident: e_1_3_2_176_2 doi: 10.1016/j.infsof.2023.107371 – ident: e_1_3_2_141_2 doi: 10.1016/j.eswa.2023.121865 – ident: e_1_3_2_20_2 doi: 10.1145/3379597.3387461 – ident: e_1_3_2_53_2 doi: 10.1109/ISSRE59848.2023.00042 – ident: e_1_3_2_64_2 doi: 10.1016/j.cose.2021.102308 – ident: e_1_3_2_169_2 doi: 10.1109/BigData59044.2023.10386771 – ident: e_1_3_2_180_2 doi: 10.1109/ISSRE52982.2021.00054 – ident: e_1_3_2_107_2 doi: 10.1016/j.jss.2024.112014 – ident: e_1_3_2_90_2 doi: 10.1109/ICSE43902.2021.00040 – ident: e_1_3_2_47_2 doi: 10.1109/MCSoC60832.2023.00053 – ident: e_1_3_2_178_2 doi: 10.1145/3551349.3560428 – ident: e_1_3_2_109_2 doi: 10.1016/j.infsof.2024.107406 – ident: e_1_3_2_149_2 doi: 10.1016/j.cose.2022.103023 – ident: e_1_3_2_18_2 doi: 10.1016/j.infsof.2024.107453 – ident: e_1_3_2_3_2 doi: 10.1016/j.knosys.2020.106646 – ident: e_1_3_2_151_2 doi: 10.1109/ICSE48619.2023.00191 – ident: e_1_3_2_139_2 doi: 10.1016/j.cose.2023.103341 – ident: e_1_3_2_128_2 doi: 10.1016/j.infsof.2023.107219 – ident: e_1_3_2_16_2 doi: 10.1016/j.jss.2020.110616 – ident: e_1_3_2_171_2 doi: 10.1109/ICSE48619.2023.00190 – ident: e_1_3_2_99_2 doi: 10.1016/j.jss.2024.112031 – ident: e_1_3_2_132_2 doi: 10.1016/j.cose.2021.102417 – ident: e_1_3_2_168_2 doi: 10.1007/s10703-005-3401-0 – ident: e_1_3_2_4_2 – ident: e_1_3_2_5_2 doi: 10.1145/3457337.3457841 – ident: e_1_3_2_76_2 doi: 10.1145/3585386 – ident: e_1_3_2_113_2 doi: 10.1109/TSE.2022.3207149 – ident: e_1_3_2_185_2 doi: 10.1145/3106237.3117771 – ident: e_1_3_2_23_2 doi: 10.1145/3533767.3534371 – ident: e_1_3_2_115_2 doi: 10.1016/j.jss.2018.12.001 – ident: e_1_3_2_98_2 – ident: e_1_3_2_125_2 doi: 10.1049/iet-sen.2020.0084 – ident: e_1_3_2_100_2 doi: 10.1201/b20091 – ident: e_1_3_2_137_2 doi: 10.1016/j.jss.2023.111623 – ident: e_1_3_2_88_2 doi: 10.1109/TDSC.2019.2954088 – ident: e_1_3_2_11_2 doi: 10.1016/j.infsof.2021.106576 – ident: e_1_3_2_32_2 doi: 10.1016/j.infsof.2023.107168 – ident: e_1_3_2_102_2 doi: 10.1109/ESEM.2013.19 – ident: e_1_3_2_9_2 doi: 10.1016/j.jss.2023.111919 – ident: e_1_3_2_61_2 doi: 10.1038/s41598-024-56871-z – ident: e_1_3_2_24_2 doi: 10.24963/ijcai.2017/214 – ident: e_1_3_2_116_2 doi: 10.1145/2810103.2813604 – ident: e_1_3_2_54_2 doi: 10.1109/MSR59073.2023.00018 – ident: e_1_3_2_86_2 – ident: e_1_3_2_174_2 doi: 10.1109/ACCESS.2020.3034766 – ident: e_1_3_2_17_2 doi: 10.1016/j.jss.2023.111772 – ident: e_1_3_2_157_2 doi: 10.1109/ICSE48619.2023.00129 – ident: e_1_3_2_78_2 doi: 10.1016/j.cose.2022.103017 – ident: e_1_3_2_162_2 doi: 10.1145/2420950.2421003 – ident: e_1_3_2_8_2 doi: 10.1016/j.jss.2022.111550 – ident: e_1_3_2_26_2 doi: 10.1145/1348250.1348254 – ident: e_1_3_2_30_2 doi: 10.1109/SANER53432.2022.00114 – ident: e_1_3_2_41_2 doi: 10.1145/3092566 – ident: e_1_3_2_65_2 doi: 10.1016/j.ins.2023.03.132 – ident: e_1_3_2_93_2 doi: 10.1016/j.eswa.2023.121764 – ident: e_1_3_2_110_2 doi: 10.1145/3664602 – ident: e_1_3_2_38_2 doi: 10.1007/978-3-030-68110-4_7 – ident: e_1_3_2_145_2 doi: 10.1016/j.engappai.2024.108296
SSID	ssj0002416
Score	2.545597
Snippet	In recent years, numerous Machine Learning (ML) models, including Deep Learning (DL) and classic ML models, have been developed to detect software...
SourceID	proquest crossref acm
SourceType	Aggregation Database Index Database Publisher
StartPage	1
SubjectTerms	Deep learning Digital libraries Digital systems Embedding Graph neural networks International conferences Literature reviews Machine learning Neural networks Recurrent neural networks Reliability engineering Representations Security and privacy Software engineering Software reliability Software security engineering Source code Systematic review Taxonomy
SubjectTermsDisplay	Security and privacy -- Software security engineering
Title	A Systematic Literature Review on Automated Software Vulnerability Detection Using Machine Learning
URI	https://dl.acm.org/doi/10.1145/3699711 https://www.proquest.com/docview/3175118839
Volume	57
hasFullText	1
inHoldings	1
isFullTextHit
isPrint
journalDatabaseRights	– providerCode: PRVEBS databaseName: Inspec with Full Text customDbUrl: eissn: 1557-7341 dateEnd: 99991231 omitProxy: false ssIdentifier: ssj0002416 issn: 0360-0300 databaseCode: ADMLS dateStart: 20040301 isFulltext: true titleUrlDefault: https://www.ebsco.com/products/research-databases/inspec-full-text providerName: EBSCOhost
link	http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwnV1LT9wwELaW5dILBUrFtoB84IYCSZzH-hheQojlAhRuKztxYBFNqiWhgiO_nHH8SBYqFTgkihzZ2fV8nhnbM58R2mRRyD3mMUcMYbgFHnMdHtHMEXHOgjinGacyOXl0Gh1dBMdX4VWv99yJWqorvp0-_TOv5DNShTKQq8yS_YBkbaNQAM8gX7iDhOH-LhknmnC8YV09sQTJhi2_lEsZVQmvpVcJ-vavDPP6Vd9JpukmKPYR9E0l1GnhKnhg1ARXCsO7et11XpO9UROCXjeh0vf19AFgYJdobibTicwJeoKPq5zr00mr9HdL9ii2ZDaQWkG9e-hs6F_qRevjuridvCk9K_XP0IsTfthGZ9mkLBfKXLX1IrSODWMnJorvyihhxVKtwUY6GtXrmGZFlfJW6QeSH4NElMZacc_Qar8ydzYIUaVkh2NdcQ7N-2AZ3D6aT_ZHJ2fWnoOPo3e81V9Rqdey6o6uKj2b9PesZzNr2Btv5XwRLehpBk4UZpZQTxTL6Ks5wgNrjf4NpQluIYRbCGEFIVwW2EIIGwjhGQhhCyHcQAhrCGEDoRV0cXhwvnfk6HM3HOaToHLkweM8cHkOAs1ILI9UiCMZDgnjHa6MROmQBp5gPBfMp0Pw-X0umf1iHvppSsh31C_KQqwizASlAWECGoKJLswWBDTORBbBLNfLCRugZei58R_FrGJEMUDY9KR99UpaA7RmenisR-T9WPrCMGEGn__H_1v4ib60iF1D_Wpai3VwMCu-oRHwAtRQfM8
linkProvider	EBSCOhost
openUrl	ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.atitle=A+Systematic+Literature+Review+on+Automated+Software+Vulnerability+Detection+Using+Machine+Learning&rft.jtitle=ACM+computing+surveys&rft.au=Shiri+Harzevili%2C+Nima&rft.au=Boaye+Belle%2C+Alvine&rft.au=Wang%2C+Junjie&rft.au=Wang%2C+Song&rft.date=2025-03-01&rft.issn=0360-0300&rft.eissn=1557-7341&rft.volume=57&rft.issue=3&rft.spage=1&rft.epage=36&rft_id=info:doi/10.1145%2F3699711&rft.externalDBID=n%2Fa&rft.externalDocID=10_1145_3699711
thumbnail_l	http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/lc.gif&issn=0360-0300&client=summon
thumbnail_m	http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/mc.gif&issn=0360-0300&client=summon
thumbnail_s	http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/sc.gif&issn=0360-0300&client=summon