Saved in:
Bibliographic Details
Main Authors: Guo, Yuejun, Bettaieb, Seifeddine
Format: Preprint
Published: 2024
Subjects:
Online Access:https://arxiv.org/abs/2410.06030
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866912064469991424
author Guo, Yuejun
Bettaieb, Seifeddine
author_facet Guo, Yuejun
Bettaieb, Seifeddine
contents Vulnerability detection is a crucial yet challenging task to identify potential weaknesses in software for cyber security. Recently, deep learning (DL) has made great progress in automating the detection process. Due to the complex multi-layer structure and a large number of parameters, a DL model requires massive labeled (vulnerable or secure) source code to gain knowledge to effectively distinguish between vulnerable and secure code. In the literature, many datasets have been created to train DL models for this purpose. However, these datasets suffer from several issues that will lead to low detection accuracy of DL models. In this paper, we define three critical issues (i.e., data imbalance, low vulnerability coverage, biased vulnerability distribution) that can significantly affect the model performance and three secondary issues (i.e., errors in source code, mislabeling, noisy historical data) that also affect the performance but can be addressed through a dedicated pre-processing procedure. In addition, we conduct a study of 14 papers along with 54 datasets for vulnerability detection to confirm these defined issues. Furthermore, we discuss good practices to use existing datasets and to create new ones.
format Preprint
id arxiv_https___arxiv_org_abs_2410_06030
institution arXiv
publishDate 2024
record_format arxiv
spellingShingle Data Quality Issues in Vulnerability Detection Datasets
Guo, Yuejun
Bettaieb, Seifeddine
Cryptography and Security
Artificial Intelligence
Vulnerability detection is a crucial yet challenging task to identify potential weaknesses in software for cyber security. Recently, deep learning (DL) has made great progress in automating the detection process. Due to the complex multi-layer structure and a large number of parameters, a DL model requires massive labeled (vulnerable or secure) source code to gain knowledge to effectively distinguish between vulnerable and secure code. In the literature, many datasets have been created to train DL models for this purpose. However, these datasets suffer from several issues that will lead to low detection accuracy of DL models. In this paper, we define three critical issues (i.e., data imbalance, low vulnerability coverage, biased vulnerability distribution) that can significantly affect the model performance and three secondary issues (i.e., errors in source code, mislabeling, noisy historical data) that also affect the performance but can be addressed through a dedicated pre-processing procedure. In addition, we conduct a study of 14 papers along with 54 datasets for vulnerability detection to confirm these defined issues. Furthermore, we discuss good practices to use existing datasets and to create new ones.
title Data Quality Issues in Vulnerability Detection Datasets
topic Cryptography and Security
Artificial Intelligence
url https://arxiv.org/abs/2410.06030