Comprehensive Review on Vulnerability Detection in Software

Comprehensive Review on Vulnerability Detection in Software

Authors

  • Mayuri Gawade

Keywords:

Vulnerability Detection, Software, Buffer Flow, Security Attack, F1-Score

Abstract

Detection of software vulnerabilities is crucial in software security as it finds potential vulnerabilities in software systems and allows for quick rectification and mitigation actions before they might be executed. Vulnerabilities are errors, flaws, or risky programming practices in the code that can result in data breaches, service rejections, security threats, and other issues. The capacity of automatic vulnerability detection to effectively analyze big codebases than manual code audits make it significant. In recent years, several models based on DL and ML have been introduced to identify vulnerabilities in source code. This work intends to make a survey that focuses on reviewing 25 articles on the topic of vulnerability detection in software. The survey includes the review of various contributions. Also, it analyses about the online databases used in the papers. Different detection methods as well as the type of vulnerabilities detected in 25 articles are reviewed. The research gaps identified in each works are explained and the performance measures along with best performance in each work are reviewed.

Downloads

Download data is not yet available.

References

A. Bahaa, A. E. -R. Kamal, H. Fahmy and A. S. Ghoneim, "DB-CBIL: A DistilBert-Based Transformer Hybrid Model Using CNN and BiLSTM for Software Vulnerability Detection," IEEE Access, vol. 12, pp. 64446-64460, 2024, doi: 10.1109/ACCESS.2024.3396410.

J. D. Pereira, N. Ivaki and M. Vieira, "Characterizing Buffer Overflow Vulnerabilities in Large C/C++ Projects," IEEE Access, vol. 9, pp. 142879-142892, 2021, doi: 10.1109/ACCESS.2021.3120349.

M. Liu and B. Wang, "A Web Second-Order Vulnerabilities Detection Method," IEEE Access, vol. 6, pp. 70983-70988, 2018, doi: 10.1109/ACCESS.2018.2881070.

S. Han, H. Nam, J. Kang, K. Kim, S. Cho and S. Lee, "CODE-SMASH: Source-Code Vulnerability Detection Using Siamese and Multi-Level Neural Architecture," IEEE Access, vol. 12, pp. 102492-102504, 2024, doi: 10.1109/ACCESS.2024.3432323.

L. Han, M. Zhou, Y. Qian, C. Fu and D. Zou, "An Optimized Static Propositional Function Model to Detect Software Vulnerability," IEEE Access, vol. 7, pp. 143499-143510, 2019, doi: 10.1109/ACCESS.2019.2943896.

V. -H. Pham, D. Thi Thu Hien, N. Phuc Chuong, P. Thanh Thai and P. The Duy, "A Coverage-Guided Fuzzing Method for Automatic Software Vulnerability Detection Using Reinforcement Learning-Enabled Multi-Level Input Mutation," IEEE Access, vol. 12, pp. 129064-129080, 2024, doi: 10.1109/ACCESS.2024.3421989.

M. Zagane, M. K. Abdi and M. Alenezi, "Deep Learning for Software Vulnerabilities Detection Using Code Metrics," IEEE Access, vol. 8, pp. 74562-74570, 2020, doi: 10.1109/ACCESS.2020.2988557.

J. Gear, Y. Xu, E. Foo, P. Gauravaram, Z. Jadidi and L. Simpson, "Software Vulnerability Detection Using Informed Code Graph Pruning," IEEE Access, vol. 11, pp. 135626-135644, 2023, doi: 10.1109/ACCESS.2023.3338162.

M. Yi, X. Xu and L. Xu, "An Intelligent Communication Warning Vulnerability Detection Algorithm Based on IoT Technology," IEEE Access, vol. 7, pp. 164803-164814, 2019, doi: 10.1109/ACCESS.2019.2953075.

M. Koca and I. Avci, "A Novel Hybrid Model Detection of Security Vulnerabilities in Industrial Control Systems and IoT Using GCN+LSTM," IEEE Access, vol. 12, pp. 143343-143351, 2024, doi: 10.1109/ACCESS.2024.3466391.

G. Wu and H. Tang, "Binary Code Vulnerability Detection Based on Multi-Level Feature Fusion," IEEE Access, vol. 11, pp. 63904-63915, 2023, doi: 10.1109/ACCESS.2023.3289001.

Bhandari, G.P., Assres, G., Gavric, N. et al. “IoTvulCode: AI-enabled vulnerability detection in software products designed for IoT applications”. Int. J. Inf. Secur, vol. 23, pp. 2677–2690, (2024). https://doi.org/10.1007/s10207-024-00848-6

Xin Zhou, Jianmin Pang, Feng Yue, Fudong Liu, Jiayu Guo, Wenfu Liu, Zhihui Song, Guoqiang Shu, Bing Xia & Zheng Shan, “A new method of software vulnerability detection based on a quantum neural network”, Sci Rep, vol. 12, no. 8053, (2022). https://doi.org/10.1038/s41598-022-11227-3.

Zhihui Song, Xin Zhou, Jinchen Xu, Xiaodong Ding & Zheng Shan. “Recurrent quantum embedding neural network and its application in vulnerability detection”, Sci Rep, vol. 14, no. 13642, (2024). https://doi.org/10.1038/s41598-024-63021-y

Jingjie Xu, Ting Wang, Mingqi Lv, Tieming Chen, Tiantian Zhu & Baiyang Ji. “MVD-HG: multigranularity smart contract vulnerability detection method based on heterogeneous graphs”, Cybersecurity, vol. 7, no. 55, (2024). https://doi.org/10.1186/s42400-024-00245-5

An, J.H., Wang, Z. & Joe, I. “A CNN-based automatic vulnerability detection”, J Wireless Com Network, vol. 41, (2023). https://doi.org/10.1186/s13638-023-02255-2

Michal Szatmári, Bohuš Leitner, “Vulnerability Assessment and Risk Prioritization with HRVA Method for Railway Stations”, Transportation Research Procedia, vol. 55, pp. 1649-1656, 2021.

Aayush Pradhan, Rejo Mathew, “Solutions to Vulnerabilities and Threats in Software Defined Networking (SDN)”, Procedia Computer Science, vol. 171, pp. 2581-2589, 2020.

Aditya Kurniawan, Bahtiar Saleh Abbas, Agung Trisetyarso, Sani Muhammad Is, “Static Taint Analysis Traversal with Object Oriented Component for Web File Injection Vulnerability Pattern Detection”, Procedia Computer Science, vol. 135, pp. 596-605, 2018.

Navneet Bhatt, Jasmine Kaur, Adarsh Anand, Omar H. Alhazmi, “Selecting Best Software Vulnerability Scanner Using Intuitionistic Fuzzy Set TOPSIS, Computers”, Materials and Continua, vol. 72, no. 2, pp. 3613-3629, 26 March 2022.

Mamoona Humayun, NZ Jhanjhi , Maram Fahhad Almufareh , Muhammad Ibrahim Khalil, “Security Threat and Vulnerability Assessment and Measurement in Secure Software Development”, Computers, Materials and Continua, vol. 71, no. 3, pp. 5039-5059, 13 January 2022.

Sarvjeet Kaur Chatrath, G.S. Batra, Yogesh Chaba, “Handling consumer vulnerability in e-commerce product images using machine learning”, Heliyon, vol. 8, no. 9, September 2022, e10743.

Xin Wang, Runpu Wu, Jinxin Ma, Gang Long, Jedeng Han, “Research on Vulnerability Detection Technology for WEB Mail System”, Procedia Computer Science, vol. 131, pp. 124-130, 2018.

Yuning Jiang, Yacine Atif, “Towards automatic discovery and assessment of vulnerability severity in cyber–physical systems”, Array, Volume 15, September 2022, 100209.

Bui Van Cong, Cho Do Xuan, “A New Framework for Software Vulnerability Detection Based on an Advanced Computing”, Computers, Materials and Continua, vol. 79, no 3, pp. 3699-3723, 20 June 2024.

N. Medeiros, N. Ivaki, P. Costa and M. Vieira, "Vulnerable Code Detection Using Software Metrics and Machine Learning," IEEE Access, vol. 8, pp. 219174-219198, 2020, doi: 10.1109/ACCESS.2020.3041181.

Additional Files

Published

31-03-2025

How to Cite

Mayuri Gawade. (2025). Comprehensive Review on Vulnerability Detection in Software. Vidhyayana - An International Multidisciplinary Peer-Reviewed E-Journal - ISSN 2454-8596, 10(si4). Retrieved from http://www.j.vidhyayanaejournal.org/index.php/journal/article/view/2160

Issue

Vol. 10 No. si4 (2025): Volume 10, Special Issue 4, March 2025

Section

Research Papers