SECURE PROGRAMMING: AUTOMATED TOOLS FOR DETECTING VULNERABILITIES IN CODE
DOI:
https://doi.org/10.32782/IT/2024-4-6Keywords:
systems security, cybersecurity, vulnerabilities, open-source software, automation, security testing, assessment methodology.Abstract
The aim. Vulnerabilities can pose a serious risk and lead to system breaches, information leaks or denial of service. This problem is exacerbated by the shortage of cybersecurity professionals. Automated tools and technologies can optimize the vulnerability detection process, making it more efficient. The purpose of the work is to analyze the effectiveness of existing solutions for detecting different types of vulnerabilities at different stages of software development, as well as to identify the advantages and disadvantages of each of the tools. The work is aimed at improving the accuracy and efficiency of vulnerability detection in real programming conditions. The methodology. The existing automated tools for detecting vulnerabilities in code in the context of secure programming are studied. A comparative analysis of popular solutions, such as static code analyzers, dynamic analysis and dependency analysis tools, is conducted. The principles of operation, functionality and features of each tool are carefully studied. The main advantages and limitations of existing solutions are highlighted, in particular regarding their integration into processes, speed of error detection and accuracy of results. Based on the results of the analysis, recommendations are provided for the optimal selection and configuration of detection tools, as well as suggestions for their improvement to ensure more effective detection and elimination of vulnerabilities. Scientific novelty. Large language models and other artificial intelligence tools are quickly attracting attention and are used worldwide. The scientific novelty of this article lies in their comprehensive analysis. The article provides the first detailed comparison of different types of vulnerability detection tools, in particular with an emphasis on the latest solutions that provide more accurate detection of vulnerabilities in modern programming technologies. Current problems that arise when using automated vulnerability detection tools are identified, in particular, the issue of false positives and integration difficulties that are not always covered in existing studies. This allows for a deeper understanding of the limitations of existing solutions and to identify areas for their improvement. Conclusions. The results of this work demonstrate the significant potential of using machine learning to detect software vulnerabilities directly at the source code level. The dataset we created, as well as the application of machine learning methods, allowed us to achieve high accuracy in classifying potential vulnerabilities. It was proven that the efficiency of the analysis can be significantly improved, reducing the time required to detect vulnerabilities and allowing us to focus on potential problems faster.
References
B. Zhou, A. Khosla, A. Lapedriza, A. Oliva, and A. Torralba, «Learning deep features for discriminative localization,» in Computer Vision and Pattern Recognition (CVPR), pp. 2921–2929, IEEE, 2019.
Check Point Blog. Check Point Research: Third Quarter of 2022 Reveals Increase in Cyberattacks and Unexpected Developments in Global Trends. checkpoint.com. URL: https://blog.checkpoint.com/2022/10/26/third-quarter-of-2022-revealsincrease-in-cyberattacks/
D. Gonzalez, F. Alhenaki, and M. Mirakhorli. Architectural security weaknesses in industrial controlsystems (ICS) an empirical study based on disclosed software vulnerabilities. In 2019 IEEE International Conference on Software Architecture (ICSA), pages 31–40, March 2019.
G. Smith. The intelligent solution: Automation, the skills shortage and cyber-security. Comput. Fraud. Secur, 2018, 6–9.
H. Booth, D. Rike H. Booth, D. Rike, and G. Witte. The National Vulnerability Database (NVD): Overview. Technical report, National Institute of Standards and Technology (NIST), 2021.
H. Booth. Draft NISTIR 8138, Vulnerability Description Ontology (VDO). Technical report, National Institute of Standards and Technology (NIST), 2016.
M. Aminu, S. Anawansedo, Y. Sodiq. Driving Technological Innovation for a Resilient Cybersecurity Landscape. International Journal of Latest Technology in Engineering, Management & Applied Science, 13(4), 126–133, 2024.
N. Elmrabit, F. Zhou, F. Li. Evaluation of Machine Learning Algorithms for Anomaly Detection. In Proceedings of the 2020 International Conference on Cyber Security and Protection of Digital Services (Cyber Security), Dublin, Ireland, 15–19 June 2020; pp. 1–8.
S. Acharya, U. Rawat, R. Bhatnagar. A Comprehensive Review of Security: Treats, Vulnerabilities, MalwareDetection, and Analysis. In Security and Communication Net-works, 34 pages, 2023.
Z. Kremenek, T. Zhang. A memory model for static analysis of c programs. In International Symposium On Leveraging Applications of Formal Methods, Verification and Validation (2018), Springer, pp. 535–548.
