Static Analysis For Early Detection Of Vulnerabilities in Source Code Based on Artificial Intelligence

Abstract

Software security has become a critical concern as modern applications grow increasingly complex and interconnected. Traditional static analysis tools, while widely adopted for detecting vulnerabilities in source code, often suffer from high falsepositive rates and limited ability to capture deep semantic relationships in programs. This thesis provides both the necessary background and a comprehensive review of recent research efforts in this domain, with a particular focus on Java source code. It first introduces the foundations of static code analysis, outlining its principles, strengths, and limitations and examines program representations such as Abstract Syntax Trees (ASTs), Control Flow Graphs (CFGs), and Data Flow Graphs (DFGs), alongside advanced neural architectures including Graph Neural Networks (GNNs), which aim to model both syntactic and semantic dependencies in code. Through a comparative analysis of existing works, the study highlights their strengths, limitations, and performance across commonly used benchmark datasets. The findings reveal that hybrid code representations and graph-based deep learning models offer promising results, yet challenges persist regarding dataset quality, model generalization, reproducibility, and the gap between academic prototypes and industrial deployment. By synthesizing and critically evaluating the state of the art, this thesis contributes to a deeper understanding of current progress in automated vulnerability detection and outlines directions for future research.