awesome-avd
A curated list of research resources in automated vulnerability detection (AVD)
Science Score: 75.0%
This score indicates how likely this project is to be science-related based on various indicators:
- ✓ CITATION.cff file: Found CITATION.cff file
- ✓ codemeta.json file: Found codemeta.json file
- ✓ .zenodo.json file: Found .zenodo.json file
- ✓ DOI references: Found 49 DOI reference(s) in README
- ✓ Academic publication links: Links to: arxiv.org, sciencedirect.com, springer.com, ieee.org, acm.org, zenodo.org
- ○ Committers with academic emails
- ✓ Institutional organization owner: Organization alan-turing-institute has institutional domain (turing.ac.uk)
- ○ JOSS paper metadata
- ○ Scientific vocabulary similarity: Low similarity (10.5%) to scientific vocabulary
Repository
Basic Info
- Host: GitHub
- Owner: alan-turing-institute
- License: cc0-1.0
- Default Branch: main
- Size: 449 KB
Statistics
- Stars: 33
- Watchers: 2
- Forks: 2
- Open Issues: 0
- Releases: 0
Metadata Files
README.md
Awesome Automated Vulnerability Detection
Welcome to the Automated Vulnerability Detection (AVD) repo, maintained by the AI for Cyber Defence Research Center at the Alan Turing Institute. AVD is an emerging research field that aims to detect security vulnerabilities in software automatically, without human intervention. Compared with previous labour-intensive approaches such as code reviews and security audits, accurate AVD solutions enable scalable detection of vulnerabilities, which in turn facilitates further vulnerability analysis tasks such as exploitation and patching.
The following is a curated list of research papers, datasets, and resources in the field of AVD.
Contributions
We aim to keep the list updated to the best of our abilities. To contribute new papers and resources, please open an issue or make a PR.
Papers
2024
- Prompt-Enhanced Software Vulnerability Detection Using ChatGPT
- code: [repo]
- Large Language Model for Vulnerability Detection: Emerging Results and Future Directions
- code: [repo]
- GRACE: Empowering LLM-based software vulnerability detection with graph structure and in-context learning
- code: [repo]
- Dataflow Analysis-Inspired Deep Learning for Efficient Vulnerability Detection
- code: [repo]
- Enhancing vulnerability detection via AST decomposition and neural sub-tree encoding
- code: [repo]
- Code-centric learning-based just-in-time vulnerability detection
- code: [repo]
- LLbezpeky: Leveraging large Language Models for vulnerability detection
- Meta-Path Based Attentional Graph Learning Model for Vulnerability Detection
- code: [repo]
- Coca: Improving and Explaining Graph Neural Network-Based Vulnerability Detection Systems
- code: [repo]
- A vulnerability detection algorithm based on residual graph attention networks for source code imbalance (RGAN)
2023
- CSGVD: A deep learning approach combining sequence and graph embedding for source code vulnerability detection
- Vulnerability Detection with Graph Simplification and Enhanced Graph Representation Learning
- code: [repo]
- Vulnerability Detection by Learning From Syntax-Based Execution Paths of Code
- code: [repo]
- Transformer-based vulnerability detection in code at EditTime: Zero-shot, few-shot, or fine-tuning?
- DeepVD: Toward Class-Separation Features for Neural Network Vulnerability Detection
- code: [repo]
- MFXSS: An effective XSS vulnerability detection method in JavaScript based on multi-feature model
- Automated vulnerability detection in source code using quantum natural language processing
- When Less is Enough: Positive and Unlabeled Learning Model for Vulnerability Detection
- code: [repo]
- SedSVD: Statement-level software vulnerability detection based on Relational Graph Convolutional Network with subgraph embedding
- Recurrent Semantic Learning-Driven Fast Binary Vulnerability Detection in Healthcare Cyber Physical Systems
- Cross-domain vulnerability detection using graph embedding and domain adaptation
- CPVD: Cross Project Vulnerability Detection Based on Graph Attention Network and Domain Adaptation
- A transformer-based IDE plugin for vulnerability detection
- code: [repo]
- VULDEFF: Vulnerability detection method based on function fingerprints and code differences
2022
- VulDeeLocator: A Deep Learning-based Fine-grained Vulnerability Detector
- code: [repo]
- LineVul: a transformer-based line-level vulnerability prediction
- code: [repo]
- LineVD: Statement-level Vulnerability Detection using Graph Neural Networks
- code: [repo]
- MVD: Memory-Related Vulnerability Detection Based on Flow-Sensitive Graph Neural Networks
- code: [repo]
- VulCNN: An Image-inspired Scalable Vulnerability Detection System
- code: [repo]
- ReGVD: Revisiting Graph Neural Networks for Vulnerability Detection
- code: [repo]
- VUDENC: Vulnerability Detection with Deep Learning on a Natural Codebase for Python
- code: [repo]
- VulBERTa: Simplified Source Code Pre-Training for Vulnerability Detection
- code: [repo]
- Path-sensitive code embedding via contrastive learning for software vulnerability detection
- CD-VulD: Cross-Domain Vulnerability Discovery Based on Deep Domain Adaptation
- VulDeBERT: A Vulnerability Detection System Using BERT
- code: [repo]
- Example-based vulnerability detection and repair in Java code
- code: [repo]
- Cyber Security Vulnerability Detection Using Natural Language Processing
- VulSlicer: Vulnerability detection through code slicing
- code: [repo]
2021
- Deepwukong: Statically detecting software vulnerabilities using deep graph neural network
- code: [repo]
- Combining Graph-Based Learning With Automated Data Collection for Code Vulnerability Detection
- code: [repo]
- Vulnerability detection with fine-grained interpretations
- code: [repo]
- BGNN4VD: Constructing Bidirectional Graph Neural-Network for Vulnerability Detection
- Software Vulnerability Discovery via Learning Multi-Domain Knowledge Bases
- code: [repo]
- Security Vulnerability Detection Using Deep Learning Natural Language Processing
- VDSimilar: Vulnerability detection based on code similarity of vulnerabilities and patches
- Vu1SPG: Vulnerability detection based on slice property graph representation learning
- Vulnerability Detection in C/C++ Source Code With Graph Representation Learning
- HAN-BSVD: A hierarchical attention network for binary software vulnerability detection
- Software vulnerability detection via deep learning over disaggregated code graph representation
2020
- Deep Learning based Vulnerability Detection: Are We There Yet?
- code: [repo]
- LEOPARD: Identifying Vulnerable Code for Vulnerability Assessment through Program Metrics
- DeepBalance: Deep-Learning and Fuzzy Oversampling for Vulnerability Detection
- MVP: Detecting Vulnerabilities using Patch-Enhanced Vulnerability Signatures
- Deep Learning for Software Vulnerabilities Detection Using Code Metrics
- Towards a Deep Learning Model for Vulnerability Detection on Web Application Variants
- A memory-related vulnerability detection approach based on vulnerability features
2019
- Devign: Effective Vulnerability Identification by Learning Comprehensive Program Semantics via Graph Neural Networks
- muVulDeePecker: A Deep Learning-Based System for Multiclass Vulnerability Detection
- Static Detection of Control-Flow-Related Vulnerabilities Using Graph Embedding
- Project Achilles: A Prototype Tool for Static Method-Level Vulnerability Detection of Java Source Code Using a Recurrent Neural Network
- code: [repo]
- A Lightweight Assisted Vulnerability Discovery Method Using Deep Neural Networks
- code: [repo]
2018
- VulDeePecker: A Deep Learning-Based System for Vulnerability Detection
- Automated Vulnerability Detection in Source Code Using Deep Representation Learning
- SySeVR: A Framework for Using Deep Learning to Detect Software Vulnerabilities
- code: [repo]
- Automated software vulnerability detection with machine learning
- CryptoGuard: High precision detection of cryptographic vulnerabilities in massive-sized Java projects
- code: [repo]
- Machine Learning Methods for Software Vulnerability Detection
2017
- VUDDY: A Scalable Approach for Vulnerable Code Clone Discovery
- code: [repo]
- POSTER: Vulnerability Discovery with Function Representation Learning from Unlabeled Projects
- code: [repo]
- Vulnerability detection with deep learning
- Efficient and Flexible Discovery of PHP Application Vulnerabilities
2016
- Toward Large-Scale Vulnerability Discovery using Machine Learning
- VulPecker: an automated vulnerability detection system based on code similarity analysis
- Exploring context-sensitive data flow analysis for early vulnerability detection
2013
2012
2009
2008
2006
Empirical Studies
2024
- Revisiting the Performance of Deep Learning-Based Vulnerability Detection on Realistic Datasets
- Harnessing large language models for software vulnerability detection: A comprehensive benchmarking study
- Vulnerability Detection with Code Language Models: How Far Are We?
- VulEval: Towards repository-level evaluation of software vulnerability detection
2023
- Interpreters for GNN-Based Vulnerability Detection: Are We There Yet? - Proceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis
- ChatGPT for Vulnerability Detection, Classification, and Repair: How Far Are We?
- An Empirical Study of Deep Learning Models for Vulnerability Detection
- How far have we gone in vulnerability detection using large language models
- Evaluation of ChatGPT model for vulnerability detection
- Understanding the effectiveness of Large Language Models in detecting security vulnerabilities
2022
- Transformer-Based Language Models for Software Vulnerability Detection - Proceedings of the 38th Annual Computer Security Applications Conference
- An empirical study on the effectiveness of static C code analyzers for vulnerability detection - Proceedings of the 31st ACM SIGSOFT International Symposium on Software Testing and Analysis
2021
2020
- A Comparative Study of Neural Network Techniques for Automatic Software Vulnerability Detection
- A Comparative Study of Static Code Analysis tools for Vulnerability Detection in C/C++ and JAVA Source Code
- The impact factors on the performance of machine learning-based vulnerability detection: A comparative study
2019
Surveys
2024
- Large Language Model for Vulnerability Detection: Emerging Results and Future Directions
- Top Score on the Wrong Exam: On Benchmarking in Machine Learning for Vulnerability Detection
2023
- Android Source Code Vulnerability Detection: A Systematic Literature Review
- Open Science in Software Engineering: A Study on Deep Learning-Based Vulnerability Detection
- An Investigation of Quality Issues in Vulnerability Detection Datasets
- A survey on automated software vulnerability detection using Machine Learning and Deep Learning
- Benchmarking software vulnerability detection techniques: A survey
2020
- Software Vulnerability Detection Using Deep Neural Networks: A Survey
- A Survey of Automatic Software Vulnerability Detection, Program Repair, and Defect Prediction Techniques
2018
2017
2016
Datasets
2021
2020
2019
2018
Owner
- Name: The Alan Turing Institute
- Login: alan-turing-institute
- Kind: organization
- Email: info@turing.ac.uk
- Website: https://turing.ac.uk
- Repositories: 477
- Profile: https://github.com/alan-turing-institute
The UK's national institute for data science and artificial intelligence.
Citation (CITATION.cff)
cff-version: 1.2.0
message: "If you use this repository, please cite it as below."
authors:
  - family-names: "Ezzeldin"
    given-names: "Shereen"
    affiliation: "Alan Turing Institute"
  - family-names: "Ristea"
    given-names: "Dan"
    affiliation: "Alan Turing Institute"
  - family-names: "Vyas"
    given-names: "Sanyam"
    affiliation: "Alan Turing Institute"
  - family-names: "McFadden"
    given-names: "Shae"
    affiliation: "Alan Turing Institute"
  - family-names: "Dwyer"
    given-names: "Madeleine"
    affiliation: "Alan Turing Institute"
  - family-names: "Hicks"
    given-names: "Chris"
    affiliation: "Alan Turing Institute"
  - family-names: "Vasilios"
    given-names: "Mavroudis"
    affiliation: "Alan Turing Institute"
title: "Awesome-AVD"
version: 1.0.0
date-released: 2024-11-25
url: "https://github.com/alan-turing-institute/awesome-AVD"
preferred-citation:
  type: article
  title: "SoK: Mind the Gap—On Closing the Applicability Gap in Automated Vulnerability Detection"
  authors:
    - family-names: "Ezzeldin"
      given-names: "Shereen"
      affiliation: "Alan Turing Institute"
    - family-names: "Ristea"
      given-names: "Dan"
      affiliation: "Alan Turing Institute"
    - family-names: "Vyas"
      given-names: "Sanyam"
      affiliation: "Alan Turing Institute"
    - family-names: "McFadden"
      given-names: "Shae"
      affiliation: "Alan Turing Institute"
    - family-names: "Dwyer"
      given-names: "Madeleine"
      affiliation: "Alan Turing Institute"
    - family-names: "Hicks"
      given-names: "Chris"
      affiliation: "Alan Turing Institute"
    - family-names: "Vasilios"
      given-names: "Mavroudis"
      affiliation: "Alan Turing Institute"
GitHub Events
Total
- Watch event: 26
- Member event: 1
- Push event: 1
- Public event: 1
- Fork event: 2
Last Year
- Watch event: 26
- Member event: 1
- Push event: 1
- Public event: 1
- Fork event: 2
Committers
Last synced: 5 months ago
Top Committers
| Name | Email | Commits |
|---|---|---|
| Ezzeldin | e****i@g****m | 8 |
| Vasilios Mavroudis | m****v | 4 |
| Dan Ristea | d****a@p****m | 1 |
Issues and Pull Requests
Last synced: 5 months ago
All Time
- Total issues: 0
- Total pull requests: 0
- Average time to close issues: N/A
- Average time to close pull requests: N/A
- Total issue authors: 0
- Total pull request authors: 0
- Average comments per issue: 0
- Average comments per pull request: 0
- Merged pull requests: 0
- Bot issues: 0
- Bot pull requests: 0
Past Year
- Issues: 0
- Pull requests: 0
- Average time to close issues: N/A
- Average time to close pull requests: N/A
- Issue authors: 0
- Pull request authors: 0
- Average comments per issue: 0
- Average comments per pull request: 0
- Merged pull requests: 0
- Bot issues: 0
- Bot pull requests: 0
