{"id":"https://openalex.org/W4399147195","doi":"https://doi.org/10.1109/trustcom60117.2023.00219","title":"Code Execution Capability as a Metric for Machine Learning-Assisted Software Vulnerability Detection Models","display_name":"Code Execution Capability as a Metric for Machine Learning-Assisted Software Vulnerability Detection Models","publication_year":2023,"publication_date":"2023-11-01","ids":{"openalex":"https://openalex.org/W4399147195","doi":"https://doi.org/10.1109/trustcom60117.2023.00219"},"language":"en","primary_location":{"id":"doi:10.1109/trustcom60117.2023.00219","is_oa":false,"landing_page_url":"http://dx.doi.org/10.1109/trustcom60117.2023.00219","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2023 IEEE 22nd International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://corescholar.libraries.wright.edu/cse/659","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5047565602","display_name":"Daniel Grahn","orcid":"https://orcid.org/0000-0002-2619-1680"},"institutions":[{"id":"https://openalex.org/I19648265","display_name":"Wright State University","ror":"https://ror.org/04qk6pt94","country_code":"US","type":"education","lineage":["https://openalex.org/I19648265"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Daniel Grahn","raw_affiliation_strings":["Wright State University,Department of Computer Science and Engineering,Dayton,USA","Department of Computer Science and Engineering, Wright State University, Dayton, USA"],"affiliations":[{"raw_affiliation_string":"Wright State University,Department of Computer Science and Engineering,Dayton,USA","institution_ids":["https://openalex.org/I19648265"]},{"raw_affiliation_string":"Department of Computer Science and Engineering, Wright State University, Dayton, USA","institution_ids":["https://openalex.org/I19648265"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5017524689","display_name":"Lingwei Chen","orcid":"https://orcid.org/0000-0003-1550-6170"},"institutions":[{"id":"https://openalex.org/I19648265","display_name":"Wright State University","ror":"https://ror.org/04qk6pt94","country_code":"US","type":"education","lineage":["https://openalex.org/I19648265"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Lingwei Chen","raw_affiliation_strings":["Wright State University,Department of Computer Science and Engineering,Dayton,USA","Department of Computer Science and Engineering, Wright State University, Dayton, USA"],"affiliations":[{"raw_affiliation_string":"Wright State University,Department of Computer Science and Engineering,Dayton,USA","institution_ids":["https://openalex.org/I19648265"]},{"raw_affiliation_string":"Department of Computer Science and Engineering, Wright State University, Dayton, USA","institution_ids":["https://openalex.org/I19648265"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5100343070","display_name":"Junjie Zhang","orcid":"https://orcid.org/0000-0003-0061-3790"},"institutions":[{"id":"https://openalex.org/I19648265","display_name":"Wright State University","ror":"https://ror.org/04qk6pt94","country_code":"US","type":"education","lineage":["https://openalex.org/I19648265"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Junjie Zhang","raw_affiliation_strings":["Wright State University,Department of Computer Science and Engineering,Dayton,USA","Department of Computer Science and Engineering, Wright State University, Dayton, USA"],"affiliations":[{"raw_affiliation_string":"Wright State University,Department of Computer Science and Engineering,Dayton,USA","institution_ids":["https://openalex.org/I19648265"]},{"raw_affiliation_string":"Department of Computer Science and Engineering, Wright State University, Dayton, USA","institution_ids":["https://openalex.org/I19648265"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5047565602"],"corresponding_institution_ids":["https://openalex.org/I19648265"],"apc_list":null,"apc_paid":null,"fwci":0.455,"has_fulltext":false,"cited_by_count":1,"citation_normalized_percentile":{"value":0.75148277,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":94},"biblio":{"volume":"126","issue":null,"first_page":"1606","last_page":"1613"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.996399998664856,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.996399998664856,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12423","display_name":"Software Reliability and Analysis Research","score":0.9958000183105469,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9627000093460083,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8481327891349792},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.6648538112640381},{"id":"https://openalex.org/keywords/generalizability-theory","display_name":"Generalizability theory","score":0.6633689403533936},{"id":"https://openalex.org/keywords/benchmark","display_name":"Benchmark (surveying)","score":0.6362999081611633},{"id":"https://openalex.org/keywords/metric","display_name":"Metric (unit)","score":0.5639280080795288},{"id":"https://openalex.org/keywords/singular-value-decomposition","display_name":"Singular value decomposition","score":0.5529174208641052},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.537317156791687},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.5366190671920776},{"id":"https://openalex.org/keywords/task","display_name":"Task (project management)","score":0.5173351168632507},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.4989607334136963},{"id":"https://openalex.org/keywords/software-metric","display_name":"Software metric","score":0.47630298137664795},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.4340093433856964},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.39687782526016235},{"id":"https://openalex.org/keywords/software-quality","display_name":"Software quality","score":0.3901624381542206},{"id":"https://openalex.org/keywords/software-development","display_name":"Software development","score":0.26835885643959045},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.16262951493263245}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8481327891349792},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.6648538112640381},{"id":"https://openalex.org/C27158222","wikidata":"https://www.wikidata.org/wiki/Q5532422","display_name":"Generalizability theory","level":2,"score":0.6633689403533936},{"id":"https://openalex.org/C185798385","wikidata":"https://www.wikidata.org/wiki/Q1161707","display_name":"Benchmark (surveying)","level":2,"score":0.6362999081611633},{"id":"https://openalex.org/C176217482","wikidata":"https://www.wikidata.org/wiki/Q860554","display_name":"Metric (unit)","level":2,"score":0.5639280080795288},{"id":"https://openalex.org/C22789450","wikidata":"https://www.wikidata.org/wiki/Q420904","display_name":"Singular value decomposition","level":2,"score":0.5529174208641052},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.537317156791687},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.5366190671920776},{"id":"https://openalex.org/C2780451532","wikidata":"https://www.wikidata.org/wiki/Q759676","display_name":"Task (project management)","level":2,"score":0.5173351168632507},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.4989607334136963},{"id":"https://openalex.org/C82214349","wikidata":"https://www.wikidata.org/wiki/Q657339","display_name":"Software metric","level":5,"score":0.47630298137664795},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.4340093433856964},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.39687782526016235},{"id":"https://openalex.org/C117447612","wikidata":"https://www.wikidata.org/wiki/Q1412670","display_name":"Software quality","level":4,"score":0.3901624381542206},{"id":"https://openalex.org/C529173508","wikidata":"https://www.wikidata.org/wiki/Q638608","display_name":"Software development","level":3,"score":0.26835885643959045},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.16262951493263245},{"id":"https://openalex.org/C21547014","wikidata":"https://www.wikidata.org/wiki/Q1423657","display_name":"Operations management","level":1,"score":0.0},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.0},{"id":"https://openalex.org/C187736073","wikidata":"https://www.wikidata.org/wiki/Q2920921","display_name":"Management","level":1,"score":0.0},{"id":"https://openalex.org/C105795698","wikidata":"https://www.wikidata.org/wiki/Q12483","display_name":"Statistics","level":1,"score":0.0},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.0},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.0},{"id":"https://openalex.org/C162324750","wikidata":"https://www.wikidata.org/wiki/Q8134","display_name":"Economics","level":0,"score":0.0},{"id":"https://openalex.org/C205649164","wikidata":"https://www.wikidata.org/wiki/Q1071","display_name":"Geography","level":0,"score":0.0},{"id":"https://openalex.org/C13280743","wikidata":"https://www.wikidata.org/wiki/Q131089","display_name":"Geodesy","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/trustcom60117.2023.00219","is_oa":false,"landing_page_url":"http://dx.doi.org/10.1109/trustcom60117.2023.00219","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2023 IEEE 22nd International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)","raw_type":"proceedings-article"},{"id":"pmh:oai:corescholar.libraries.wright.edu:cse-1659","is_oa":true,"landing_page_url":"https://corescholar.libraries.wright.edu/cse/659","pdf_url":null,"source":{"id":"https://openalex.org/S2737205702","display_name":"Journal of Bioresource Management","issn_l":"2309-3854","issn":["2309-3854"],"is_oa":true,"is_in_doaj":true,"is_core":false,"host_organization":"https://openalex.org/P4310316536","host_organization_name":"Bioresource Research Center (BRC), Islamabad","host_organization_lineage":["https://openalex.org/P4310316536"],"host_organization_lineage_names":["Bioresource Research Center (BRC), Islamabad"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Computer Science and Engineering Faculty Publications","raw_type":"text"}],"best_oa_location":{"id":"pmh:oai:corescholar.libraries.wright.edu:cse-1659","is_oa":true,"landing_page_url":"https://corescholar.libraries.wright.edu/cse/659","pdf_url":null,"source":{"id":"https://openalex.org/S2737205702","display_name":"Journal of Bioresource Management","issn_l":"2309-3854","issn":["2309-3854"],"is_oa":true,"is_in_doaj":true,"is_core":false,"host_organization":"https://openalex.org/P4310316536","host_organization_name":"Bioresource Research Center (BRC), Islamabad","host_organization_lineage":["https://openalex.org/P4310316536"],"host_organization_lineage_names":["Bioresource Research Center (BRC), Islamabad"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Computer Science and Engineering Faculty Publications","raw_type":"text"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":28,"referenced_works":["https://openalex.org/W777621473","https://openalex.org/W2068470708","https://openalex.org/W2295598076","https://openalex.org/W2296073425","https://openalex.org/W2795170942","https://openalex.org/W2962960733","https://openalex.org/W2972135640","https://openalex.org/W3072699177","https://openalex.org/W3091588759","https://openalex.org/W3097434012","https://openalex.org/W3098605233","https://openalex.org/W3111309488","https://openalex.org/W3126675481","https://openalex.org/W3127782461","https://openalex.org/W3155649056","https://openalex.org/W3163206498","https://openalex.org/W3183962691","https://openalex.org/W4210320978","https://openalex.org/W4285285581","https://openalex.org/W4311165836","https://openalex.org/W4312436517","https://openalex.org/W4312757223","https://openalex.org/W4312969325","https://openalex.org/W4367860052","https://openalex.org/W6767260250","https://openalex.org/W6790588633","https://openalex.org/W6852887568","https://openalex.org/W7054444732"],"related_works":["https://openalex.org/W2078744341","https://openalex.org/W4385245644","https://openalex.org/W2029555411","https://openalex.org/W2159730313","https://openalex.org/W1509265476","https://openalex.org/W2774439323","https://openalex.org/W3151530686","https://openalex.org/W2981446648","https://openalex.org/W2183678285","https://openalex.org/W4383568364"],"abstract_inverted_index":{"In":[0],"this":[1],"paper,":[2],"we":[3,81],"consider":[4],"how":[5],"the":[6,62,72,84,119],"ability":[7,40],"to":[8,41,50,67,113,125,141],"learn":[9,42],"Code":[10,43,99],"Execution":[11,44,100],"Tasks":[12],"affects":[13],"a":[14,59,109],"model\u2019s":[15],"accuracy":[16,33,93,102,143],"on":[17,34,89],"software":[18,128],"vulnerability":[19,129],"detection":[20],"(SVD)":[21],"benchmark":[22],"datasets.":[23,86,155],"We":[24],"initially":[25],"find":[26],"that":[27,64,74,133],"models":[28,48,66,151],"can":[29],"achieve":[30],"near":[31],"state-of-the-art":[32],"SVD":[35,54,85,92,137,154],"benchmarks":[36,148],"regardless":[37],"of":[38,121,136,149],"their":[39],"Tasks.":[45],"However,":[46],"these":[47],"fail":[49],"generalize":[51],"well":[52],"across":[53,152],"benchmarks.":[55],"The":[56],"results":[57],"indicate":[58],"bias":[60],"in":[61],"datasets":[63,138],"allows":[65],"predict":[68],"non-SVD":[69],"signals.":[70],"Under":[71],"theory":[73],"different":[75],"collection":[76],"methods":[77],"will":[78,139],"reduce":[79],"biases,":[80],"investigate":[82],"combining":[83],"When":[87],"trained":[88],"combined":[90],"datasets,":[91],"is":[94],"reduced":[95],"but":[96],"correlation":[97],"with":[98],"Task":[101],"improves.":[103],"Our":[104],"contributions":[105],"are":[106],"(1)":[107],"using":[108],"reversed":[110],"curriculum":[111],"learning":[112],"evaluate":[114],"model":[115],"capabilities,":[116],"(2)":[117],"demonstrating":[118],"criticality":[120],"code":[122],"execution":[123],"understanding":[124],"machine":[126],"learning\u2013assisted":[127],"detection,":[130],"(3)":[131],"evidence":[132],"improved":[134,142],"diversity":[135],"lead":[140],"and":[144,147],"generalizability,":[145],"(4)":[146],"recent":[150],"multiple":[153]},"counts_by_year":[{"year":2024,"cited_by_count":1}],"updated_date":"2026-04-04T16:13:02.066488","created_date":"2025-10-10T00:00:00"}