Title: A new semantic annotation approach for software vulnerability source code

Authors: Chi Zhang; Jinfu Chen; Lei Zhang; Shujie Chen; Zufa Zhang

Addresses: School of Computer Science and Communication Engineering, Jiangsu University, Zhenjiang, 212013, China; School of Computer Science and Communication Engineering, Jiangsu University, Zhenjiang, 212013, China; China Information Technology Security Evaluation Center, Beijing 100085, China; School of Computer Science and Communication Engineering, Jiangsu University, Zhenjiang, 212013, China; School of Computer Science and Communication Engineering, Jiangsu University, Zhenjiang, 212013, China

Abstract: An efficient semantic annotation approach is proposed in this paper to annotate software vulnerability source code based on the vulnerability code semantic description language (VCSDL). A set of general annotation frameworks is proposed for the two basic components of the language: the basic description information of the vulnerability and the vulnerability source code description information. Specific annotation methods are studied for these two components, according to the annotation method of the basic description information of vulnerability. Also, the corresponding attribute in the VCSDL document structure is extracted to determine the labelling of the basic information of the vulnerability. According to the vulnerability source code information, the semantic annotation of the source code information of the vulnerability is implemented. The experimental results show that the proposed semantic annotation approach is more effective on the annotation of datasets with a simple code structure and a smaller scale. The success rate and accuracy of the proposed annotation are higher and the false positive rate and false negative rate are lower.

Keywords: software vulnerability; semantic annotation; vulnerability source code; vulnerability detection.

DOI: 10.1504/IJSPM.2021.113070

International Journal of Simulation and Process Modelling, 2021 Vol.16 No.1, pp.1 - 13

Received: 10 Oct 2019
Accepted: 06 May 2020

Published online: 17 Feb 2021
