vulndetect-ml

Simple ML project to detect and classify vulnerable Java code

Check out detect.alexpotter.net for a proof-of-concept!

How to get started?

Ensure you have a working virtualenv/anaconda environment to install packages to (or you don't mind installing globally)

Install TensorFlow

conda install tensorflow is preferred, will install NVIDIA CUDA/Intel MKL-DNN acceleration dependencies automagically
pip install tensorflow if you don't have conda

Install TensorFlow Datasets module

pip install tensorflow_datasets

Begin training with simple_train.py

The program will download the dataset from the internet, extract it and begin building the encoder. Don't worry if it looks like it has frozen after it finishes downloading. It has not. You will eventually see it processing the encoded samples once it has built the vocabulary from the corpus
You may want to train on a GPU-accelerated machine as it can take a while - ensure you have CUDA installed for this (or conda install...)

Data visualisation

simple_train.py saves two files useful for embedding projection visualisation:
- vecs.tsv - saved embedding vectors
- meta.tsv - associate metadata for each embedding vector
You can load this with projector.tensorflow.org for PCA/t-SNE etc

Prediction

Two ways to do this:

Run predict.py with a Java file in a folder called new/
Use the new React frontend to submit a file and check it

Prediction - React web app (recommended)

A hosted version is available for testing here

To run this locally, you will need (in addition tensorflow, numpy, all of the other modules for training):

python3
flask, flask_cors : python3 -m pip install flask flask_cors python_dotenv
node with npm: brew install node, sudo apt install nodejs npm, https://nodejs.org/en/download/current/

Open a Terminal and cd to web/
Run npm install
Run npm start to start the frontend
Open another terminal and cd to web/api
Run npm run link-api to symlink the required Python modules (only need to run this for the first time)
Run npm run start-api to start the Python backend server
The React web app should be accessible on http://localhost:3000 with a web browser.

If it does not connect for any reason, check your firewall configuration and check that there are no errors in the Terminal

This will start the app in development mode

Name		Name	Last commit message	Last commit date
Latest commit History 37 Commits
dissertation @ 1e220ec		dissertation @ 1e220ec
tfds_juliet		tfds_juliet
url_checksums		url_checksums
web		web
.gitignore		.gitignore
.gitmodules		.gitmodules
LICENSE		LICENSE
README.md		README.md
azure-pipelines.yml		azure-pipelines.yml
labels.txt		labels.txt
parse_training_input.py		parse_training_input.py
predict.py		predict.py
requirements.txt		requirements.txt
simple_train.py		simple_train.py
util.py		util.py

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

vulndetect-ml

How to get started?

Install TensorFlow

Install TensorFlow Datasets module

Begin training with simple_train.py

Data visualisation

Prediction

Prediction - React web app (recommended)

About

Releases

Packages

Languages

License

alexpotter1/vulndetect-ml

Folders and files

Latest commit

History

Repository files navigation

vulndetect-ml

How to get started?

Install TensorFlow

Install TensorFlow Datasets module

Begin training with simple_train.py

Data visualisation

Prediction

Prediction - React web app (recommended)

About

Resources

License

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages