{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,8]],"date-time":"2026-01-08T03:51:38Z","timestamp":1767844298413,"version":"3.49.0"},"reference-count":62,"publisher":"Springer Science and Business Media LLC","issue":"20","license":[{"start":{"date-parts":[[2021,5,17]],"date-time":"2021-05-17T00:00:00Z","timestamp":1621209600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2021,5,17]],"date-time":"2021-05-17T00:00:00Z","timestamp":1621209600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"funder":[{"name":"2019 Educational Research Project of Fujian Province","award":["JAT190695"],"award-info":[{"award-number":["JAT190695"]}]},{"name":"the Optoelectronic Information Technology Key Laboratory Open Project Fund of Yunnan Province","award":["YNOE-2020-01"],"award-info":[{"award-number":["YNOE-2020-01"]}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Neural Comput & Applic"],"published-print":{"date-parts":[[2021,10]]},"DOI":"10.1007\/s00521-021-05954-3","type":"journal-article","created":{"date-parts":[[2021,5,17]],"date-time":"2021-05-17T14:02:57Z","timestamp":1621260177000},"page":"13287-13300","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":22,"title":["Deep neural-based vulnerability discovery demystified: data, model and performance"],"prefix":"10.1007","volume":"33","author":[{"given":"Guanjun","family":"Lin","sequence":"first","affiliation":[]},{"given":"Wei","family":"Xiao","sequence":"additional","affiliation":[]},{"given":"Leo Yu","family":"Zhang","sequence":"additional","affiliation":[]},{"given":"Shang","family":"Gao","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9186-475X","authenticated-orcid":false,"given":"Yonghang","family":"Tai","sequence":"additional","affiliation":[]},{"given":"Jun","family":"Zhang","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2021,5,17]]},"reference":[{"key":"5954_CR1","unstructured":"Equifax had patch 2 months before hack and didn\u2019t install it, security group says. https:\/\/www.usatoday.com\/story\/money\/2017\/09\/14\/equifax-identity-theft-hackers-apache-struts\/665100001\/ September 2017. Accessed 8 June 2019"},{"issue":"10","key":"5954_CR2","first-page":"1825","volume":"1080","author":"L Guanjun","year":"2020","unstructured":"Guanjun L, Sheng W, QingLong H, Jun Z, Yang X (2020) Software vulnerability detection using deep neural networks: a survey. Proc IEEE 1080(10):1825\u20131848","journal-title":"Proc IEEE"},{"key":"5954_CR3","unstructured":"David A (2016) Wheeler. Flawfinder. https:\/\/www.dwheeler.com\/flawfinder\/ Accessed 20 May 2018"},{"key":"5954_CR4","unstructured":"Cadar C, Dunbar D, Engler DR, et al (2008) Klee: Unassisted and automatic generation of high-coverage tests for complex systems programs. In: OSDI, vol 8, pp 209\u2013224"},{"key":"5954_CR5","volume-title":"Fuzzing: brute force vulnerability discovery","author":"M Sutton","year":"2007","unstructured":"Sutton M, Greene A, Amini P (2007) Fuzzing: brute force vulnerability discovery. Pearson Education, London"},{"key":"5954_CR6","volume-title":"Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software","author":"J Newsome","year":"2005","unstructured":"Newsome J, Song D (2005) Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software. Citeseer, Princeton"},{"key":"5954_CR7","unstructured":"Yamaguchi F, Lindner F, Rieck K (2011) Vulnerability extrapolation: assisted discovery of vulnerabilities using machine learning. In: Proceedings of the 5th USENIX conference on Offensive technologies. USENIX Association"},{"issue":"2","key":"5954_CR8","first-page":"1744","volume":"210","author":"S Nan","year":"2019","unstructured":"Nan S, Jun Z, Paul R, Shang G, Zhang Leo Yu, Yang X (2019) Data-driven cybersecurity incident prediction: a survey. IEEE Commun Surv Tutor 210(2):1744\u20131772","journal-title":"IEEE Commun Surv Tutor"},{"key":"5954_CR9","doi-asserted-by":"publisher","DOI":"10.1109\/TCYB.2019.2940940","author":"R Coulter","year":"2019","unstructured":"Coulter R, Han Q-L, Pan L, Zhang J, Xiang Y (2019) Data-driven cyber security in perspective-intelligent traffic analysis. IEEE Trans Cybern. https:\/\/doi.org\/10.1109\/TCYB.2019.2940940","journal-title":"IEEE Trans Cybern"},{"issue":"1","key":"5954_CR10","first-page":"104","volume":"240","author":"Z Jun","year":"2013","unstructured":"Jun Z, Yang X, Wang Yu, Wanlei Z, Yong X, Yong G (2013) Network traffic classification using correlation information. IEEE Trans Parallel Distrib Syst 240(1):104\u2013117","journal-title":"IEEE Trans Parallel Distrib Syst"},{"issue":"4","key":"5954_CR11","first-page":"56","volume":"500","author":"GS Mohammad","year":"2017","unstructured":"Mohammad GS, Reza SH (2017) Software vulnerability analysis and discovery using machine-learning and data-mining techniques: A survey. ACM Comput Surv 500(4):56","journal-title":"ACM Comput Surv"},{"issue":"6","key":"5954_CR12","first-page":"772","volume":"370","author":"S Yonghee","year":"2011","unstructured":"Yonghee S, Andrew M, Laurie W, Osborne Jason A (2011) Evaluating complexity, code churn, and developer activity metrics as indicators of software vulnerabilities. TSE 370(6):772\u2013787","journal-title":"TSE"},{"issue":"2","key":"5954_CR13","doi-asserted-by":"publisher","first-page":"1397","DOI":"10.1109\/COMST.2018.2800740","volume":"200","author":"L Liu","year":"2018","unstructured":"Liu L, De Vel O, Han Q-L, Zhang J, Xiang Y (2018) Detecting and preventing cyber insider threats: a survey. IEEE Commun Surv Tutor 200(2):1397\u20131417","journal-title":"IEEE Commun Surv Tutor"},{"key":"5954_CR14","doi-asserted-by":"crossref","unstructured":"Yamaguchi F, Golde N, Arp D, Rieck K (2014) Modeling and discovering vulnerabilities with code property graphs. In: 2014 IEEE symposium on security and privacy (SP), pp 590\u2013604. IEEE","DOI":"10.1109\/SP.2014.44"},{"key":"5954_CR15","doi-asserted-by":"crossref","unstructured":"Yamaguchi F, Lottmann M, Rieck K (2012) Generalized vulnerability extrapolation using abstract syntax trees. In: Proceedings of the 28th ACSAC, pp 359\u2013368. ACM","DOI":"10.1145\/2420950.2421003"},{"key":"5954_CR16","doi-asserted-by":"publisher","first-page":"987","DOI":"10.1109\/TIFS.2019.2932228","volume":"15","author":"X Chen","year":"2020","unstructured":"Chen X, Li C, Wang D, Wen S, Zhang J, Nepal S, Xiang Y, Ren K (2020) Android HIV: A study of repackaging malware for evading machine-learning detection. IEEE Trans Inf Forensics Secur 15:987\u20131001","journal-title":"IEEE Trans Inf Forensics Secur"},{"key":"5954_CR17","doi-asserted-by":"crossref","unstructured":"Perl H, Dechand S, Smith M, Arp D, Yamaguchi F, Rieck K, Fahl S, Acar Y (2015) Vccfinder: finding potential vulnerabilities in open-source projects to assist code audits. In: Proceedings of the 22nd SIGSAC conference on CCS, pp 426\u2013437. ACM","DOI":"10.1145\/2810103.2813604"},{"issue":"7","key":"5954_CR18","first-page":"3289","volume":"140","author":"L Guanjun","year":"2018","unstructured":"Guanjun L, Jun Z, Wei L, Lei P, Yang X, De Vel O, Paul M (2018) Cross-project transfer representation learning for vulnerable function discovery. IEEE Trans Ind Inf 140(7):3289\u20133297","journal-title":"IEEE Trans Ind Inf"},{"key":"5954_CR19","doi-asserted-by":"crossref","unstructured":"Lin G, Zhang J, Luo W, Pan L, Xiang Y (2017) Poster: vulnerability discovery with function representation learning from unlabeled projects. In: Proceedings of the 2017 SIGSAC Conference on CCS, pp 2539\u20132541. ACM","DOI":"10.1145\/3133956.3138840"},{"key":"5954_CR20","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2019.2954088","author":"G Lin","year":"2019","unstructured":"Lin G, Zhang J, Luo W, Pan L, De VO, Montague P, Xiang Y (2019) Software vulnerability discovery via learning multi-domain knowledge bases. IEEE Trans Depend Secure Comput. https:\/\/doi.org\/10.1109\/TDSC.2019.2954088","journal-title":"IEEE Trans Depend Secure Comput"},{"issue":"10","key":"5954_CR21","first-page":"993","volume":"400","author":"R Scandariato","year":"2014","unstructured":"Scandariato R, Walden J, Hovsepyan A, Joosen W (2014) Predicting vulnerable software components via text mining. TSE 400(10):993\u20131006","journal-title":"TSE"},{"key":"5954_CR22","doi-asserted-by":"crossref","unstructured":"Choi M, Jeong S, Oh H, Choo J (2017) End-to-end prediction of buffer overruns from raw source code via neural memory networks. arXiv preprint arXiv:1703.02458","DOI":"10.24963\/ijcai.2017\/214"},{"key":"5954_CR23","unstructured":"Sestili CD, Snavely WS, VanHoudnos NM (2018) Towards security defect prediction with AI. arXiv preprint arXiv:1808.09897"},{"key":"5954_CR24","doi-asserted-by":"crossref","unstructured":"Peng H, Mou L, Li G, Liu Y, Zhang L, Jin Z (2015) Building program vector representations for deep learning. In: International conference on knowledge science, engineering and management, pp 547\u2013553. Springer","DOI":"10.1007\/978-3-319-25159-2_49"},{"key":"5954_CR25","doi-asserted-by":"crossref","unstructured":"Black PE (2018) A software assurance reference dataset: Thousands of programs with known bugs. J Res Natl Inst Stand Technol 123","DOI":"10.6028\/jres.123.005"},{"key":"5954_CR26","doi-asserted-by":"crossref","unstructured":"Black PE, Black PE (2018) Juliet 1.3 Test Suite: Changes From 1.2. US Department of Commerce, National Institute of Standards and Technology","DOI":"10.6028\/NIST.TN.1995"},{"key":"5954_CR27","volume-title":"TensorFlow for deep learning: from linear regression to reinforcement learning","author":"B Ramsundar","year":"2018","unstructured":"Ramsundar B, Zadeh RB (2018) TensorFlow for deep learning: from linear regression to reinforcement learning. O\u2019Reilly Media Inc., Newton"},{"key":"5954_CR28","doi-asserted-by":"crossref","unstructured":"Shar LK, Tan HBK (2012) Predicting common web application vulnerabilities from input validation and sanitization code patterns. In: 2012 Proceedings of the 27th IEEE\/ACM international conference on automated software engineering, pp 310\u2013313. IEEE","DOI":"10.1145\/2351676.2351733"},{"key":"5954_CR29","doi-asserted-by":"crossref","unstructured":"Grieco Gustavo, Grinblat Guillermo Luis, Uzal Lucas, Rawat Sanjay, Feist Josselin, Mounier Laurent (2016) Toward large-scale vulnerability discovery using machine learning. In Proceedings of the Sixth ACM Conference on Data and Application Security and Privacy, pages 85\u201396. ACM","DOI":"10.1145\/2857705.2857720"},{"issue":"3","key":"5954_CR30","first-page":"2261","volume":"1020","author":"D Feng","year":"2018","unstructured":"Feng D, Wang LQ, Guoai X, Shaodong Z (2018) Defect prediction in android binary executables using deep neural network. Wireless Pers Commun 1020(3):2261\u20132285","journal-title":"Wireless Pers Commun"},{"key":"5954_CR31","unstructured":"Lee YJ, Choi S-H, Kim C, Lim S-H, Park K-W (2017) Learning binary code with deep learning to detect software weakness. In: KSII the 9th international conference on internet (ICONI) 2017 symposium"},{"key":"5954_CR32","unstructured":"Harer JA, Kim LY, Russell RL, Ozdemir O, Kosta LR, Rangamani A, Hamilton LH, Centeno GI, Key JR, Ellingwood PM et al (2018) Automated software vulnerability detection with machine learning. arXiv preprint arXiv:1803.04497"},{"key":"5954_CR33","doi-asserted-by":"crossref","unstructured":"Russell R, Kim L, Hamilton L, Lazovich T, Harer J, Ozdemir O, Ellingwood P, McConley M (2018) Automated vulnerability detection in source code using deep representation learning. In: 2018 17th IEEE international conference on machine learning and applications (ICMLA), pp 757\u2013762. IEEE","DOI":"10.1109\/ICMLA.2018.00120"},{"key":"5954_CR34","doi-asserted-by":"crossref","unstructured":"Li Z, Zou D, Xu S, Jin H, Qi H, Hu J (2016) Vulpecker: an automated vulnerability detection system based on code similarity analysis. In: Proceedings of the 32nd ACCSA, pp 201\u2013213. ACM","DOI":"10.1145\/2991079.2991102"},{"issue":"8","key":"5954_CR35","first-page":"1735","volume":"90","author":"H Sepp","year":"1997","unstructured":"Sepp H, J\u00fcrgen S (1997) Long short-term memory. Neural Comput 90(8):1735\u20131780","journal-title":"Neural Comput"},{"key":"5954_CR36","unstructured":"Dam HK, Tran T, Pham T, Ng SW, Grundy J, Ghose A (2017) Automatic feature learning for vulnerability prediction. arXiv preprint arXiv:1708.02368"},{"key":"5954_CR37","unstructured":"Li Z, Zou D, Xu S, Jin H, Zhu Y, Chen Z, Wang S, Wang J (2018) Sysevr: a framework for using deep learning to detect software vulnerabilities. arXiv preprint arXiv:1807.06756"},{"key":"5954_CR38","unstructured":"Kostadinov S (2019) Understanding GRU networks. https:\/\/www.Towardsdatascience.com (December 2017). Accessed 30 Apr 2019"},{"key":"5954_CR39","doi-asserted-by":"crossref","unstructured":"Wu F, Wang J, Liu J, Wang W (2017) Vulnerability detection with deep learning. In: 2017 3rd IEEE international conference on computer and communications (ICCC), pp 1298\u20131302. IEEE","DOI":"10.1109\/CompComm.2017.8322752"},{"key":"5954_CR40","unstructured":"Le T, Nguyen T, Le T, Phung D, Montague P, De Olivier V, Qu L (2018) Maximal divergence sequential autoencoder for binary software vulnerability detection"},{"key":"5954_CR41","unstructured":"Sukhbaatar S, Weston J, Fergus R et al (2015) End-to-end memory networks. In: Advances in neural information processing systems, pp 2440\u20132448"},{"key":"5954_CR42","unstructured":"Weston J, Chopra S, Bordes A (2014) Memory networks. arXiv preprint arXiv:1410.3916"},{"issue":"1","key":"5954_CR43","first-page":"25","volume":"180","author":"S Yonghee","year":"2013","unstructured":"Yonghee S, Laurie W (2013) Can traditional fault prediction models be used for vulnerability prediction? ESE 180(1):25\u201359","journal-title":"ESE"},{"issue":"3","key":"5954_CR44","doi-asserted-by":"publisher","first-page":"281","DOI":"10.1016\/j.dcan.2020.07.003","volume":"6","author":"M Wang","year":"2020","unstructured":"Wang M, Zhu T, Zhang T, Zhang J, Yu S, Zhou W (2020) Security and privacy in 6G networks: new areas and new challenges. Digit Commun Netw 6(3):281\u2013291","journal-title":"Digit Commun Netw"},{"issue":"12","key":"5954_CR45","first-page":"2295","volume":"1050","author":"S Vivienne","year":"2017","unstructured":"Vivienne S, Yu-Hsin C, Tien-Ju Y, Emer Joel S (2017) Efficient processing of deep neural networks: a tutorial and survey. Proc IEEE 1050(12):2295\u20132329","journal-title":"Proc IEEE"},{"issue":"4","key":"5954_CR46","first-page":"81","volume":"510","author":"A Miltiadis","year":"2018","unstructured":"Miltiadis A, Barr Earl T, Premkumar D, Charles S (2018) A survey of machine learning for big code and naturalness. ACM Comput Surv 510(4):81","journal-title":"ACM Comput Surv"},{"key":"5954_CR47","doi-asserted-by":"crossref","unstructured":"Li Z, Zou D, Xu S, Ou X, Jin H, Wang S, Deng Z, Zhong Y (2018) Vuldeepecker: a deep learning-based system for vulnerability detection. In: Proceedings of NDSS","DOI":"10.14722\/ndss.2018.23158"},{"key":"5954_CR48","unstructured":"Lipton ZC, Berkowitz J, Elkan C (2015) A critical review of recurrent neural networks for sequence learning. arXiv preprint arXiv:1506.00019"},{"key":"5954_CR49","unstructured":"Olah C (2015) Understanding LSTM networks. GITHUB blog. Accessed 30 Apr 2019"},{"key":"5954_CR50","unstructured":"Nguyen M (2018) Illustrated guide to LSTM\u2019s and GRU\u2019s: a step by step explanation. https:\/\/www.Towardsdatascience.com. Accessed 30 Apr 2019"},{"key":"5954_CR51","unstructured":"Britz D (2015) Recurrent neural network tutorial, part 4 - implementing a GRU\/LSTM RNN with python and theano. https:\/\/www.Wildml.com. Accessed 30 Apr 2019"},{"key":"5954_CR52","doi-asserted-by":"crossref","unstructured":"Kim Y (2014) Convolutional neural networks for sentence classification. arXiv preprint arXiv:1408.5882","DOI":"10.3115\/v1\/D14-1181"},{"key":"5954_CR53","unstructured":"Zhang Y, Wallace B (2015) A sensitivity analysis of (and practitioners\u2019 guide to) convolutional neural networks for sentence classification. arXiv preprint arXiv:1510.03820"},{"key":"5954_CR54","doi-asserted-by":"crossref","unstructured":"Yih W-T, He X, Meek C (2014) Semantic parsing for single-relation question answering. In: Proceedings of the 52nd annual meeting of the association for computational linguistics, vol 2, pp 643\u2013648","DOI":"10.3115\/v1\/P14-2105"},{"issue":"6","key":"5954_CR55","first-page":"1","volume":"530","author":"Q Junyang","year":"2020","unstructured":"Junyang Q, Jun Z, Wei L, Lei P, Surya N, Yang X (2020) A survey of android malware detection with deep neural models. ACM Comput Surv (CSUR) 530(6):1\u201336","journal-title":"ACM Comput Surv (CSUR)"},{"key":"5954_CR56","unstructured":"Chollet F et al (2015) Keras. https:\/\/github.com\/fchollet\/keras"},{"key":"5954_CR57","unstructured":"Gal Y, Ghahramani Z (2016) Dropout as a Bayesian approximation: representing model uncertainty in deep learning. In: International conference on machine learning, pp 1050\u20131059"},{"key":"5954_CR58","unstructured":"Mikolov T, Chen K, Corrado G, Dean J (2013) Efficient estimation of word representations in vector space. arXiv preprint arXiv:1301.3781"},{"key":"5954_CR59","volume-title":"Introduction to information retrieval","author":"PR Christopher","year":"2009","unstructured":"Christopher PR, Manning D, Sch\u00fctze H (2009) Introduction to information retrieval. Cambridge University Press, Cambridge"},{"key":"5954_CR60","first-page":"265","volume":"16","author":"M Abadi","year":"2016","unstructured":"Abadi M, Barham P, Chen J, Chen Z, Davis A, Dean J, Devin M, Ghemawat S, Irving G, Isard M et al (2016) Tensorflow: a system for large-scale machine learning. OSDI 16:265\u2013283","journal-title":"OSDI"},{"key":"5954_CR61","unstructured":"Radim R, Petr S (2010) Software framework for topic modelling with large corpora. In: Proceedings of the LREC 2010 workshop on new challenges for NLP frameworks, pp 45\u201350"},{"key":"5954_CR62","unstructured":"Xu ZJ (2018) Understanding training and generalization in deep learning by Fourier analysis. arXiv preprint arXiv:1808.04295"}],"container-title":["Neural Computing and Applications"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s00521-021-05954-3.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s00521-021-05954-3\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s00521-021-05954-3.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,10,24]],"date-time":"2021-10-24T07:15:31Z","timestamp":1635059731000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s00521-021-05954-3"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,5,17]]},"references-count":62,"journal-issue":{"issue":"20","published-print":{"date-parts":[[2021,10]]}},"alternative-id":["5954"],"URL":"https:\/\/doi.org\/10.1007\/s00521-021-05954-3","relation":{},"ISSN":["0941-0643","1433-3058"],"issn-type":[{"value":"0941-0643","type":"print"},{"value":"1433-3058","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021,5,17]]},"assertion":[{"value":"20 July 2020","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"25 March 2021","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"17 May 2021","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}}]}}