{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,1]],"date-time":"2026-04-01T10:47:49Z","timestamp":1775040469296,"version":"3.50.1"},"reference-count":128,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","issue":"10","license":[{"start":{"date-parts":[[2020,10,1]],"date-time":"2020-10-01T00:00:00Z","timestamp":1601510400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2020,10,1]],"date-time":"2020-10-01T00:00:00Z","timestamp":1601510400000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2020,10,1]],"date-time":"2020-10-01T00:00:00Z","timestamp":1601510400000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Proc. IEEE"],"published-print":{"date-parts":[[2020,10]]},"DOI":"10.1109\/jproc.2020.2993293","type":"journal-article","created":{"date-parts":[[2020,6,4]],"date-time":"2020-06-04T20:04:32Z","timestamp":1591301072000},"page":"1825-1848","source":"Crossref","is-referenced-by-count":384,"title":["Software Vulnerability Detection Using Deep Neural Networks: A Survey"],"prefix":"10.1109","volume":"108","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-3280-1307","authenticated-orcid":false,"given":"Guanjun","family":"Lin","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0655-666X","authenticated-orcid":false,"given":"Sheng","family":"Wen","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7207-0716","authenticated-orcid":false,"given":"Qing-Long","family":"Han","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2189-7801","authenticated-orcid":false,"given":"Jun","family":"Zhang","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5252-0831","authenticated-orcid":false,"given":"Yang","family":"Xiang","sequence":"additional","affiliation":[]}],"member":"263","reference":[{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2012.6227135"},{"key":"ref38","article-title":"Automated software vulnerability detection with machine learning","author":"harer","year":"2018","journal-title":"arXiv 1803 04497"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1145\/3092566"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1007\/s10994-006-6226-1"},{"key":"ref31","first-page":"1050","article-title":"Dropout as a Bayesian approximation: Representing model uncertainty in deep learning","author":"gal","year":"2016","journal-title":"Proc Int Conf Mach Learn"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1155\/2019\/6230953"},{"key":"ref37","first-page":"7933","article-title":"Learning to repair software vulnerabilities with generative adversarial networks","author":"harer","year":"2018","journal-title":"Proc Adv Neural Inf Process Syst"},{"key":"ref36","first-page":"1345","article-title":"Deepfix: Fixing common C language errors by deep learning","author":"gupta","year":"2017","journal-title":"Proc 31st AAAI Conf Artif Intell"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.1145\/2857705.2857720"},{"key":"ref34","article-title":"Neural turing machines","author":"graves","year":"2014","journal-title":"arXiv 1410 5401"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1145\/3196398.3196448"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1007\/s11277-017-5069-3"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1145\/502059.502041"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1016\/j.sysarc.2010.06.003"},{"key":"ref22","first-page":"7","article-title":"Approximation with artificial neural networks","volume":"24","author":"cs\u00e1ji","year":"2001"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1109\/TCYB.2019.2940940"},{"key":"ref24","article-title":"Automatic feature learning for vulnerability prediction","author":"dam","year":"2017","journal-title":"arXiv 1708 02368"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1007\/BF02551274"},{"key":"ref101","doi-asserted-by":"publisher","DOI":"10.1109\/COMST.2018.2885561"},{"key":"ref26","article-title":"BERT: Pre-training of deep bidirectional transformers for language understanding","author":"devlin","year":"2018","journal-title":"arXiv 1810 04805"},{"key":"ref100","first-page":"2440","article-title":"End-to-end memory networks","author":"sukhbaatar","year":"2015","journal-title":"Proc Adv Neural Inf Process Syst"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1109\/ICASSP.2013.6639345"},{"key":"ref50","doi-asserted-by":"publisher","DOI":"10.1109\/CGO.2004.1281665"},{"key":"ref51","first-page":"1188","article-title":"Distributed representations of sentences and documents","author":"le","year":"2014","journal-title":"Proc Int Conf Mach Learn"},{"key":"ref59","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2019.2954088"},{"key":"ref58","first-page":"219","article-title":"Deep learning-based vulnerable function detection: A benchmark","author":"lin","year":"2019","journal-title":"Proc Int Conf Inf Commun Secur"},{"key":"ref57","doi-asserted-by":"publisher","DOI":"10.1145\/1095430.1081755"},{"key":"ref56","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23158"},{"key":"ref55","article-title":"SySeVR: A framework for using deep learning to detect software vulnerabilities","author":"li","year":"2018","journal-title":"arXiv 1807 06756"},{"key":"ref54","article-title":"Learning binary code with deep learning to detect software weakness","author":"lee","year":"2017","journal-title":"Proc KSII 9th Int Conf Internet Symp"},{"key":"ref53","doi-asserted-by":"crossref","first-page":"436","DOI":"10.1038\/nature14539","article-title":"Deep learning","volume":"521","author":"lecun","year":"2015","journal-title":"Nature"},{"key":"ref52","article-title":"Maximal divergence sequential autoencoder for binary software vulnerability detection","author":"le","year":"2018","journal-title":"Proc Int Conf Learn Represent (ICLR)ICLR"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2012.6227135"},{"key":"ref4","year":"2016","journal-title":"Rough Auditing Tool for Security (RATS)"},{"key":"ref3","year":"2014","journal-title":"Shellshock All You Need to Know About the Bash Bug Vulnerability"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1145\/1287624.1287630"},{"key":"ref5","year":"2017","journal-title":"Equifax Had Patch 2 Months Before Hack and Didn&#x2019;t Install It Security Group Says"},{"key":"ref8","first-page":"40","volume":"3","author":"alon","year":"2019","journal-title":"Proc ACM Program Lang POPL"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1145\/3212695"},{"key":"ref49","first-page":"1097","article-title":"Imagenet classification with deep convolutional neural networks","author":"krizhevsky","year":"2012","journal-title":"Proc Adv Neural Inf Process Syst"},{"key":"ref9","article-title":"Neural machine translation by jointly learning to align and translate","author":"bahdanau","year":"2014","journal-title":"arXiv 1409 0473"},{"key":"ref46","doi-asserted-by":"publisher","DOI":"10.3115\/v1\/D14-1181"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.62"},{"key":"ref48","article-title":"Semi-supervised classification with graph convolutional networks","author":"kipf","year":"2016","journal-title":"arXiv 1609 02907"},{"key":"ref47","article-title":"Auto-encoding variational Bayes","author":"kingma","year":"2013","journal-title":"arXiv 1312 6114"},{"key":"ref42","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2012.13"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.1162\/neco.1997.9.8.1735"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.1109\/DSC.2016.33"},{"key":"ref43","doi-asserted-by":"publisher","DOI":"10.1109\/COMST.2016.2615098"},{"key":"ref127","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2019.2942930"},{"key":"ref126","doi-asserted-by":"publisher","DOI":"10.1016\/j.future.2018.04.016"},{"key":"ref125","doi-asserted-by":"publisher","DOI":"10.1109\/TKDE.2017.2697856"},{"key":"ref124","doi-asserted-by":"publisher","DOI":"10.1109\/TPDS.2012.98"},{"key":"ref73","doi-asserted-by":"publisher","DOI":"10.1145\/1315245.1315311"},{"key":"ref72","doi-asserted-by":"publisher","DOI":"10.1145\/375360.375365"},{"key":"ref71","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2013.6606584"},{"key":"ref128","doi-asserted-by":"publisher","DOI":"10.1007\/s00165-014-0326-7"},{"key":"ref70","doi-asserted-by":"publisher","DOI":"10.1145\/1062455.1062514"},{"key":"ref76","doi-asserted-by":"publisher","DOI":"10.1109\/ICMLA.2015.99"},{"key":"ref77","author":"parr","year":"2013","journal-title":"The Definitive Antlr 4 Reference"},{"key":"ref74","first-page":"3","article-title":"Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software","author":"newsome","year":"2005","journal-title":"Proc NDSS"},{"key":"ref75","doi-asserted-by":"publisher","DOI":"10.6028\/NIST.SP.500-297"},{"key":"ref78","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-25159-2_49"},{"key":"ref79","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813604"},{"key":"ref60","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3138840"},{"key":"ref62","doi-asserted-by":"publisher","DOI":"10.1109\/MINES.2012.202"},{"key":"ref61","doi-asserted-by":"publisher","DOI":"10.1109\/TII.2018.2821768"},{"key":"ref63","doi-asserted-by":"publisher","DOI":"10.1109\/COMST.2018.2800740"},{"key":"ref64","doi-asserted-by":"publisher","DOI":"10.1016\/j.asoc.2014.11.023"},{"key":"ref65","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.1976.233837"},{"key":"ref66","doi-asserted-by":"publisher","DOI":"10.1145\/1653662.1653717"},{"key":"ref67","article-title":"Efficient estimation of word representations in vector space","author":"mikolov","year":"2013","journal-title":"arXiv 1301 3781 [cs]"},{"key":"ref68","first-page":"3111","article-title":"Distributed representations of words and phrases and their compositionality","author":"mikolov","year":"2013","journal-title":"Proc Adv Neural Inf Process Syst"},{"key":"ref2","year":"2009","journal-title":"Securely taking on new executable software of uncertain provenance (STONESOUP)"},{"key":"ref69","doi-asserted-by":"publisher","DOI":"10.1145\/2746194.2746198"},{"key":"ref1","year":"2017","journal-title":"The Heartbleed Vulnerability"},{"key":"ref109","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2018.00003"},{"key":"ref95","doi-asserted-by":"publisher","DOI":"10.1145\/1414004.1414065"},{"key":"ref108","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2018.00003"},{"key":"ref94","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2010.81"},{"key":"ref107","first-page":"5998","article-title":"Attention is all you need","author":"vaswani","year":"2017","journal-title":"Proc Adv Neural Inf Process Syst"},{"key":"ref93","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2013.04.002"},{"key":"ref106","article-title":"AEG: Automatic exploit generation","author":"thanassis","year":"2011","journal-title":"Proc Symp Netw Distrib Syst Security"},{"key":"ref92","doi-asserted-by":"publisher","DOI":"10.1145\/2351676.2351733"},{"key":"ref105","doi-asserted-by":"publisher","DOI":"10.3115\/v1\/P15-1150"},{"key":"ref91","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2014.2373377"},{"key":"ref104","doi-asserted-by":"publisher","DOI":"10.1109\/JPROC.2017.2761740"},{"key":"ref90","doi-asserted-by":"publisher","DOI":"10.1145\/2187671.2187673"},{"key":"ref103","author":"sutton","year":"2007","journal-title":"Fuzzing Brute Force Vulnerability Discovery"},{"key":"ref102","first-page":"3104","article-title":"Sequence to sequence learning with neural networks","author":"sutskever","year":"2014","journal-title":"Proc Adv Neural Inf Process Syst"},{"key":"ref111","doi-asserted-by":"publisher","DOI":"10.1109\/TC.2013.2295802"},{"key":"ref112","article-title":"Memory networks","author":"weston","year":"2014","journal-title":"arXiv 1410 3916"},{"key":"ref110","doi-asserted-by":"publisher","DOI":"10.1145\/2884781.2884804"},{"key":"ref98","doi-asserted-by":"publisher","DOI":"10.1109\/IWCMC.2019.8766500"},{"key":"ref99","article-title":"Weakly supervised memory networks","author":"sukhbaatar","year":"2015","journal-title":"arXiv 1503 08895"},{"key":"ref96","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-011-9190-8"},{"key":"ref97","first-page":"129","article-title":"Parsing natural scenes and natural language with recursive neural networks","author":"socher","year":"2011","journal-title":"Proc 28th Int Conf Mach Learn (ICML)"},{"key":"ref10","first-page":"2","article-title":"Samate&#x2019;s contribution to information assurance","volume":"500","author":"black","year":"2006","journal-title":"NIST Special Publication"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.6028\/jres.123.005"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.6028\/NIST.TN.1995"},{"key":"ref13","first-page":"209","article-title":"KLEE: Unassisted and automatic generation of high-coverage tests for complex systems programs","volume":"8","author":"cadar","year":"2008","journal-title":"Proc OSDI"},{"key":"ref14","first-page":"1145","article-title":"Deep neural networks for learning graph representations","author":"cao","year":"2016","journal-title":"Proc 13th AAAI Conf Artif Intell"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2019.2932228"},{"key":"ref82","doi-asserted-by":"publisher","DOI":"10.1145\/1218063.1217938"},{"key":"ref16","author":"chess","year":"2019","journal-title":"Rough Auditing Tool for Security"},{"key":"ref118","article-title":"A comprehensive survey on graph neural networks","author":"wu","year":"2019","journal-title":"arXiv 1901 00596"},{"key":"ref81","doi-asserted-by":"publisher","DOI":"10.1145\/2664243.2664269"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.3115\/v1\/D14-1179"},{"key":"ref117","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2017.11.013"},{"key":"ref84","author":"ramsundar","year":"2018","journal-title":"TensorFlow for Deep Learning From Linear Regression to Reinforcement Learning"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.24963\/ijcai.2017\/214"},{"key":"ref83","first-page":"49","article-title":"Under-constrained symbolic execution: Correctness checking for real code","author":"ramos","year":"2015","journal-title":"Proc Usenix Secur Symp"},{"key":"ref19","author":"chollet","year":"2015","journal-title":"Keras"},{"key":"ref119","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2014.44"},{"key":"ref114","doi-asserted-by":"publisher","DOI":"10.1109\/MSR.2015.38"},{"key":"ref113","author":"wheeler","year":"2016","journal-title":"Flawfinder"},{"key":"ref116","doi-asserted-by":"publisher","DOI":"10.1109\/CompComm.2017.8322752"},{"key":"ref80","doi-asserted-by":"publisher","DOI":"10.18653\/v1\/N18-1202"},{"key":"ref115","doi-asserted-by":"publisher","DOI":"10.2307\/3001968"},{"key":"ref89","article-title":"Towards security defect prediction with AI","author":"sestili","year":"2018","journal-title":"arXiv 1808 09897"},{"key":"ref120","doi-asserted-by":"publisher","DOI":"10.1145\/2420950.2421003"},{"key":"ref121","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.54"},{"key":"ref122","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516665"},{"key":"ref123","doi-asserted-by":"publisher","DOI":"10.3115\/v1\/P14-2105"},{"key":"ref85","doi-asserted-by":"publisher","DOI":"10.1145\/2939672.2939778"},{"key":"ref86","doi-asserted-by":"publisher","DOI":"10.1109\/ICMLA.2018.00120"},{"key":"ref87","first-page":"1041","article-title":"Vulnerability disclosure in the age of social media: Exploiting Twitter for predicting real-world exploits","author":"sabottke","year":"2015","journal-title":"Proc Usenix Secur Symp"},{"key":"ref88","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2014.2340398"}],"container-title":["Proceedings of the IEEE"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/5\/9207923\/09108283.pdf?arnumber=9108283","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,4,27]],"date-time":"2022-04-27T13:39:58Z","timestamp":1651066798000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/9108283\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,10]]},"references-count":128,"journal-issue":{"issue":"10"},"URL":"https:\/\/doi.org\/10.1109\/jproc.2020.2993293","relation":{},"ISSN":["0018-9219","1558-2256"],"issn-type":[{"value":"0018-9219","type":"print"},{"value":"1558-2256","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020,10]]}}}