A study on misclassification of software vulnerabilities when using deep learning and machine learning algorithms

As the field of computer science has advanced over the years, there has been a tremendous increase in the software being created, and this increase has been accompanied by a growth of software vulnerabilities. A software vulnerability is a security flaw found in software that can potentially be exploited by attackers to perform cyber attacks. Since automatic approaches for identifying and analyzing vulnerabilities has become a trending topic in research community, the classification of vulnerability is still an open issue. Machine and deep learning has been applied as promising approaches for automatically classifying vulnerabilities; unfrotunately suche methods could produce errors due to misclassification. With this paper we compare five shallow learning models and fourteen deep learning models with the aim of characterizing quantitatively the differences in terms of classification's errors.