Predicting software vulnerabilities using topic modeling

Abstract: A vulnerability database for a large C++ program was used to mark source code files responsible for the vulnerability either as clean or vulnerable. The whole source code was used with latent Dirchlet allocation (LDA) to extract hidden topics from it. Each file was given a topic distribution probability, as well as the status of being either clean or vulnerable. This data was used to train machine learning algorithm to detect vulnerable source files, based only on their topic distribution. In total, three different sets of data were prepared from the original source code with varying number of topics, number of documents, and iterations of LDA performed. None of data sets showed ability to predict software vulnerability based on LDA and machine learning.