iTrustSO - an intelligent system for automatic detection of insecure code snippets in Stack Overflow.
ASONAM '19: International Conference on Advances in Social Networks Analysis and Mining, Vancouver, British Columbia, Canada, August 2019
Abstract
Despite the apparent benefits of the modern social coding paradigm exemplified by Stack Overflow, its potential security risks have been largely overlooked: insecure code can easily be embedded in posts and distributed. To address this pressing issue, this paper proposes leveraging both social coding properties and code content for automatic detection of insecure code snippets in Stack Overflow. To determine whether a given code snippet is insecure, we not only analyze the code content but also exploit the various relations among users, badges, questions, answers and code snippets in Stack Overflow. To model these rich semantic relationships, we first introduce a structured heterogeneous information network (HIN) for representation and then use a meta-path based approach to incorporate higher-level semantics and build up relatedness over code snippets. We then propose a novel hierarchical attention-based sequence learning model, CodeHin2Vec, that seamlessly integrates node (i.e., code snippet) content with HIN-based relations for representation learning, after which a classifier is built for insecure code snippet detection. Integrating the proposed method, an intelligent system named iTrustSO is developed to address code security issues on modern software coding platforms. Comprehensive experiments on data collected from Stack Overflow validate the effectiveness of iTrustSO in comparison with alternative methods.
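To make the meta-path idea concrete, here is an added illustration (not the paper's code): a toy Stack Overflow-style HIN of users, badges, questions, answers and snippets, with relatedness between code snippets computed along a few candidate meta-paths. The relation names, the three meta-paths and the PathSim-style normalisation are assumptions; the abstract does not spell out which ones iTrustSO uses.

```python
from collections import Counter, defaultdict

# Constructed toy HIN (all identifiers are made up). Each typed relation maps a
# source node to the set of target nodes it links to.
RELATIONS = {
    "snippet-in-answer":  {"s1": {"a1"}, "s2": {"a2"}, "s3": {"a3"}, "s4": {"a4"}},
    "answer-by-user":     {"a1": {"alice"}, "a2": {"alice"}, "a3": {"bob"}, "a4": {"carol"}},
    "answer-to-question": {"a1": {"q1"}, "a2": {"q2"}, "a3": {"q1"}, "a4": {"q3"}},
    "user-has-badge":     {"alice": {"gold", "silver"}, "bob": {"gold"}, "carol": {"gold", "silver"}},
}

def reverse(rel):
    """Invert a relation so a meta-path can be walked backwards (e.g. user -> answers)."""
    inv = defaultdict(set)
    for src, dsts in rel.items():
        for dst in dsts:
            inv[dst].add(src)
    return inv

def meta_path_counts(start, path):
    """Count path instances from `start` along `path`, a list of (relation, forward) steps.
    Returns a Counter: end node -> number of distinct path instances reaching it."""
    frontier = Counter({start: 1})
    for rel_name, forward in path:
        adj = RELATIONS[rel_name] if forward else reverse(RELATIONS[rel_name])
        nxt = Counter()
        for node, n in frontier.items():
            for neighbour in adj.get(node, ()):
                nxt[neighbour] += n
        frontier = nxt
    return frontier

def pathsim(start, path):
    """PathSim-style relatedness (assumed measure) from `start` to every other snippet
    reachable over a symmetric meta-path: 2 * paths(x,y) / (paths(x,x) + paths(y,y))."""
    counts = meta_path_counts(start, path)
    return {end: 2 * c / (counts[start] + meta_path_counts(end, path)[end])
            for end, c in counts.items() if end != start}

# Assumed meta-paths over snippets (S=snippet, A=answer, U=user, Q=question, B=badge):
#   S-A-U-A-S      snippets posted by the same user
#   S-A-Q-A-S      snippets attached to answers of the same question
#   S-A-U-B-U-A-S  snippets from users who hold a badge in common
SAUAS = [("snippet-in-answer", True), ("answer-by-user", True),
         ("answer-by-user", False), ("snippet-in-answer", False)]
SAQAS = [("snippet-in-answer", True), ("answer-to-question", True),
         ("answer-to-question", False), ("snippet-in-answer", False)]
SAUBUAS = [("snippet-in-answer", True), ("answer-by-user", True), ("user-has-badge", True),
           ("user-has-badge", False), ("answer-by-user", False), ("snippet-in-answer", False)]

if __name__ == "__main__":
    for name, path in (("S-A-U-A-S", SAUAS), ("S-A-Q-A-S", SAQAS), ("S-A-U-B-U-A-S", SAUBUAS)):
        print(name, pathsim("s1", path))
```

Each meta-path yields a different neighbourhood for the same snippet (same author, same question, shared badge), which is the kind of higher-level relatedness the abstract feeds into representation learning alongside the code content itself.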
Keywords
social coding paradigm, insecure code snippet detection, intelligent system, code security issues, iTrustSO, Stack Overflow, hierarchical attention-based sequence learning model, software coding platforms, heterogeneous information network, HIN, meta-path based approach, CodeHin2Vec