{"id":"https://openalex.org/W2981052583","doi":"https://doi.org/10.1109/tr.2021.3137314","title":"Statically Detecting Vulnerabilities by Processing Programming Languages as Natural Languages","display_name":"Statically Detecting Vulnerabilities by Processing Programming Languages as Natural Languages","publication_year":2022,"publication_date":"2022-01-11","ids":{"openalex":"https://openalex.org/W2981052583","doi":"https://doi.org/10.1109/tr.2021.3137314","mag":"2981052583"},"language":"en","primary_location":{"id":"doi:10.1109/tr.2021.3137314","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tr.2021.3137314","pdf_url":null,"source":{"id":"https://openalex.org/S87725633","display_name":"IEEE Transactions on Reliability","issn_l":"0018-9529","issn":["0018-9529","1558-1721"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Reliability","raw_type":"journal-article"},"type":"article","indexed_in":["arxiv","crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://arxiv.org/pdf/1910.06826","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5058688939","display_name":"Ib\u00e9ria Medeiros","orcid":"https://orcid.org/0000-0003-4478-8680"},"institutions":[{"id":"https://openalex.org/I141596103","display_name":"University of Lisbon","ror":"https://ror.org/01c27hj86","country_code":"PT","type":"education","lineage":["https://openalex.org/I141596103"]}],"countries":["PT"],"is_corresponding":true,"raw_author_name":"Iberia Medeiros","raw_affiliation_strings":["LASIGE, Faculdade de Ci&#x00EA;ncias, Universidade de Lisboa &#x2013; Portugal, Lisboa, Portugal"],"affiliations":[{"raw_affiliation_string":"LASIGE, Faculdade de Ci&#x00EA;ncias, Universidade de Lisboa &#x2013; Portugal, Lisboa, Portugal","institution_ids":["https://openalex.org/I141596103"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5072404521","display_name":"Nuno Neves","orcid":"https://orcid.org/0000-0003-0411-4542"},"institutions":[{"id":"https://openalex.org/I141596103","display_name":"University of Lisbon","ror":"https://ror.org/01c27hj86","country_code":"PT","type":"education","lineage":["https://openalex.org/I141596103"]}],"countries":["PT"],"is_corresponding":false,"raw_author_name":"Nuno Neves","raw_affiliation_strings":["LASIGE, Faculdade de Ci&#x00EA;ncias, Universidade de Lisboa &#x2013; Portugal, Lisboa, Portugal"],"affiliations":[{"raw_affiliation_string":"LASIGE, Faculdade de Ci&#x00EA;ncias, Universidade de Lisboa &#x2013; Portugal, Lisboa, Portugal","institution_ids":["https://openalex.org/I141596103"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5016455665","display_name":"Miguel Correia","orcid":"https://orcid.org/0000-0001-7873-5531"},"institutions":[{"id":"https://openalex.org/I121345201","display_name":"Instituto de Engenharia de Sistemas e Computadores Investiga\u00e7\u00e3o e Desenvolvimento","ror":"https://ror.org/04mqy3p58","country_code":"PT","type":"nonprofit","lineage":["https://openalex.org/I121345201","https://openalex.org/I4210125590"]},{"id":"https://openalex.org/I141596103","display_name":"University of Lisbon","ror":"https://ror.org/01c27hj86","country_code":"PT","type":"education","lineage":["https://openalex.org/I141596103"]}],"countries":["PT"],"is_corresponding":false,"raw_author_name":"Miguel Correia","raw_affiliation_strings":["INESC-ID, Instituto Superior T&#x00E9;cnico, Universidade de Lisboa &#x2013; Portugal, Lisboa, Portugal"],"affiliations":[{"raw_affiliation_string":"INESC-ID, Instituto Superior T&#x00E9;cnico, Universidade de Lisboa &#x2013; Portugal, Lisboa, Portugal","institution_ids":["https://openalex.org/I121345201","https://openalex.org/I141596103"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5058688939"],"corresponding_institution_ids":["https://openalex.org/I141596103"],"apc_list":null,"apc_paid":null,"fwci":3.8174,"has_fulltext":false,"cited_by_count":14,"citation_normalized_percentile":{"value":0.93882995,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":89,"max":98},"biblio":{"volume":"71","issue":"2","first_page":"1033","last_page":"1056"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9975000023841858,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7946332693099976},{"id":"https://openalex.org/keywords/secure-coding","display_name":"Secure coding","score":0.7502092123031616},{"id":"https://openalex.org/keywords/source-code","display_name":"Source code","score":0.6585069298744202},{"id":"https://openalex.org/keywords/hacker","display_name":"Hacker","score":0.6304761171340942},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.6003670692443848},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.5568620562553406},{"id":"https://openalex.org/keywords/plug-in","display_name":"Plug-in","score":0.5370368957519531},{"id":"https://openalex.org/keywords/set","display_name":"Set (abstract data type)","score":0.510753870010376},{"id":"https://openalex.org/keywords/software-engineering","display_name":"Software engineering","score":0.4222849905490875},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.32811301946640015},{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.21066400408744812},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.20980876684188843},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.16024255752563477}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7946332693099976},{"id":"https://openalex.org/C22680326","wikidata":"https://www.wikidata.org/wiki/Q7444867","display_name":"Secure coding","level":5,"score":0.7502092123031616},{"id":"https://openalex.org/C43126263","wikidata":"https://www.wikidata.org/wiki/Q128751","display_name":"Source code","level":2,"score":0.6585069298744202},{"id":"https://openalex.org/C86844869","wikidata":"https://www.wikidata.org/wiki/Q2798820","display_name":"Hacker","level":2,"score":0.6304761171340942},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.6003670692443848},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.5568620562553406},{"id":"https://openalex.org/C4924752","wikidata":"https://www.wikidata.org/wiki/Q184148","display_name":"Plug-in","level":2,"score":0.5370368957519531},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.510753870010376},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.4222849905490875},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.32811301946640015},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.21066400408744812},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.20980876684188843},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.16024255752563477},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/tr.2021.3137314","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tr.2021.3137314","pdf_url":null,"source":{"id":"https://openalex.org/S87725633","display_name":"IEEE Transactions on Reliability","issn_l":"0018-9529","issn":["0018-9529","1558-1721"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Reliability","raw_type":"journal-article"},{"id":"pmh:oai:arXiv.org:1910.06826","is_oa":true,"landing_page_url":"http://arxiv.org/abs/1910.06826","pdf_url":"https://arxiv.org/pdf/1910.06826","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"}],"best_oa_location":{"id":"pmh:oai:arXiv.org:1910.06826","is_oa":true,"landing_page_url":"http://arxiv.org/abs/1910.06826","pdf_url":"https://arxiv.org/pdf/1910.06826","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","score":0.41999998688697815,"display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":55,"referenced_works":["https://openalex.org/W182831726","https://openalex.org/W240302486","https://openalex.org/W1420268584","https://openalex.org/W1536145689","https://openalex.org/W1563577331","https://openalex.org/W1565113942","https://openalex.org/W1565746575","https://openalex.org/W1570448133","https://openalex.org/W1969354810","https://openalex.org/W1975040830","https://openalex.org/W1991133427","https://openalex.org/W1992114977","https://openalex.org/W2007321142","https://openalex.org/W2014590767","https://openalex.org/W2028820179","https://openalex.org/W2054801208","https://openalex.org/W2069268700","https://openalex.org/W2078197322","https://openalex.org/W2079753286","https://openalex.org/W2086631206","https://openalex.org/W2088498570","https://openalex.org/W2093213895","https://openalex.org/W2098949613","https://openalex.org/W2105776892","https://openalex.org/W2106919779","https://openalex.org/W2112962899","https://openalex.org/W2125838338","https://openalex.org/W2146455667","https://openalex.org/W2148001343","https://openalex.org/W2164582878","https://openalex.org/W2166336492","https://openalex.org/W2292865721","https://openalex.org/W2297419069","https://openalex.org/W2469491375","https://openalex.org/W2529228428","https://openalex.org/W2732351623","https://openalex.org/W2781491433","https://openalex.org/W2888830098","https://openalex.org/W2962960733","https://openalex.org/W2972135640","https://openalex.org/W2985739320","https://openalex.org/W3041093094","https://openalex.org/W3047291452","https://openalex.org/W3101228802","https://openalex.org/W3112782338","https://openalex.org/W3127782461","https://openalex.org/W3147903118","https://openalex.org/W4243607364","https://openalex.org/W4297749952","https://openalex.org/W6628306711","https://openalex.org/W6634118787","https://openalex.org/W6733862737","https://openalex.org/W6754124592","https://openalex.org/W6767260250","https://openalex.org/W6787343302"],"related_works":["https://openalex.org/W2779307146","https://openalex.org/W2292865721","https://openalex.org/W4319165526","https://openalex.org/W2469491375","https://openalex.org/W4213079707","https://openalex.org/W2981941102","https://openalex.org/W3081644756","https://openalex.org/W2394062615","https://openalex.org/W4388185423","https://openalex.org/W2997105294"],"abstract_inverted_index":{"Web":[0],"applications":[1,138],"continue":[2],"to":[3,11,24,35,60,76,82,88,98,100,113,149],"be":[4],"a":[5,12,95,133],"favorite":[6],"target":[7],"for":[8,37],"hackers":[9],"due":[10],"combination":[13],"of":[14,27,136,152,158],"wide":[15],"adoption":[16],"and":[17,115,129,139],"rapid":[18],"deployment":[19],"cycles,":[20],"which":[21,71],"often":[22],"lead":[23],"the":[25,41,56,62,109,119,126],"introduction":[26],"high-impact":[28],"vulnerabilities.":[29,63],"Static":[30],"analysis":[31],"tools":[32,53,72],"are":[33],"important":[34],"search":[36],"vulnerabilities":[38,102,117,147],"automatically":[39,79],"in":[40,70,118,125],"program":[42],"source":[43,120],"code,":[44],"supporting":[45],"developers":[46],"on":[47,58,104],"their":[48],"removal.":[49],"However,":[50],"building":[51],"these":[52],"requires":[54],"programming":[55],"knowledge":[57],"how":[59],"discover":[61,114],"This":[64],"article":[65],"presents":[66],"an":[67,105],"alternative":[68],"approach":[69,93],"<italic":[73],"xmlns:mml=\"http://www.w3.org/1998/Math/MathML\"":[74],"xmlns:xlink=\"http://www.w3.org/1999/xlink\">learn</i>":[75],"detect":[77],"flaws":[78],"by":[80],"resorting":[81],"artificial":[83],"intelligence":[84],"concepts,":[85],"more":[86],"concretely":[87],"natural":[89],"language":[90],"processing.":[91],"The":[92],"employs":[94],"sequence":[96],"model":[97,110],"learn":[99],"characterize":[101],"based":[103],"annotated":[106],"corpus.":[107],"Afterwards,":[108],"is":[111],"utilized":[112],"identify":[116],"code.":[121],"It":[122],"was":[123],"implemented":[124],"DEKANT":[127],"tool":[128],"evaluated":[130],"experimentally":[131],"with":[132],"large":[134],"set":[135],"PHP":[137],"WordPress":[140],"plugins.":[141],"Overall,":[142],"we":[143],"found":[144],"several":[145],"thousand":[146],"belonging":[148],"15":[150],"classes":[151],"input":[153],"validation":[154],"vulnerabilities,":[155],"where":[156],"4143":[157],"them":[159],"were":[160],"zero-day.":[161]},"counts_by_year":[{"year":2025,"cited_by_count":4},{"year":2024,"cited_by_count":2},{"year":2023,"cited_by_count":5},{"year":2022,"cited_by_count":1},{"year":2021,"cited_by_count":1},{"year":2020,"cited_by_count":1}],"updated_date":"2026-03-27T14:29:43.386196","created_date":"2025-10-10T00:00:00"}