Theses and Dissertations
Date of Award
8-2023
Document Type
Thesis
Degree Name
Master of Science (MS)
Department
Electrical Engineering
First Advisor
Dimah Dera
Second Advisor
Nantakan Wongkasem
Third Advisor
Heinrich D. Foltz
Abstract
Software systems are prone to code defects or vulnerabilities, resulting in several cyberattacks such as hacking, identity breach and information leakage leading to system failure. Vulnerabilities in software systems have severe societal implications, including threats to public safety, financial damage, and even risks to national security. Identifying and mitigating software vulnerabilities is critical to protect organizations and societies from potential threats. Machine learning algorithms have been employed to detect and classify potential vulnerabilities in software source code automatically. However, these algorithms are not robust to noise or malicious attacks and cannot quantify uncertainty in the model’s output. Quantifying uncertainty in the vulnerability detection mechanism can inform the user of possible noise or perturbation in the source codes and holds the promise for the safe deployment of trustworthy algorithms in real-world security applications. We develop a robust software vulnerability detection framework using Bayesian Recurrent Neural Networks (Bayesian SVD). The proposed models detect source code vulnerabilities and simultaneously learn uncertainty in output predictions. The proposed Bayesian SVD adopts variational inference and optimizes the variational posterior distribution defined over the model parameters using the evidence lower bound (ELBO). Within each state, the first two moments of the variational distribution are transmitted through the recurrent layers. At the SVD models’ output, the predictive distribution’s mean indicates the vulnerability class, while the covariance matrix captures the uncertainty information. Extensive experiments on benchmark datasets reveal (1) the robustness of the proposed models under noisy conditions and malicious attacks compared to the deterministic counterpart and (2) significantly higher uncertainty when the model encountered high levels of natural noise or malicious attacks, which serves as a warning for safe handling.
Recommended Citation
Aminul, Orune, "Robust and Uncertainty-Aware Software Vulnerability Detection Using Bayesian Recurrent Neural Networks" (2023). Theses and Dissertations. 1311.
https://scholarworks.utrgv.edu/etd/1311
Comments
Copyright 2023 Orune Aminul. All Rights Reserved.
https://go.openathens.net/redirector/utrgv.edu?url=https://www.proquest.com/dissertations-theses/robust-uncertainty-aware-software-vulnerability/docview/2861630552/se-2?accountid=7119