The detection of software vulnerability requires critical attention during the development phase to make it secure and less vulnerable. Vulnerable software always invites hackers to perform malicious activities and disrupt the operation of the software, which leads to millions in financial losses to software companies. In order to reduce the losses, there are many reliable and effective vulnerability detection systems introduced by security communities aiming to detect the software vulnerabilities as early as in the development or testing phases. To summarise the software vulnerability detection system, existing surveys discussed the conventional and data mining approaches. These approaches are widely used and mostly consist of traditional detection techniques. However, they lack discussion on the newly trending machine learning approaches, such as supervised learning and deep learning techniques. Furthermore, existing studies fail to discuss the growing research interest in the software vulnerability detection community throughout the years. With more discussion on this, we can predict and focus on what are the research problems in software vulnerability detection that need to be urgently addressed. Aiming to reduce these gaps, this paper presents the research interests’ taxonomy in software vulnerability detection, such as methods, detection, features, code and dataset. The research interest categories exhibit current trends in software vulnerability detection. The analysis shows that there is considerable interest in addressing methods and detection problems, while only a few are interested in code and dataset problems. This indicates that there is still much work to be done in terms of code and dataset problems in the future. Furthermore, this paper extends the machine learning approaches taxonomy, which is used to detect the software vulnerabilities, like supervised learning, semi-supervised learning, ensemble learning and deep learning. Based on the analysis, supervised learning and deep learning approaches are trending in the software vulnerability detection community as these techniques are able to detect vulnerabilities such as buffer overflow, SQL injection and cross-site scripting effectively with a significant detection performance, up to 95% of F1 score. Finally, this paper concludes with several discussions on potential future work in software vulnerability detection in terms of datasets, multi-vulnerabilities detection, transfer learning and real-world applications.

软件漏洞的检测在开发阶段需要特别注意，以使其安全且不那么容易受到攻击。易受攻击的软件始终会邀请黑客执行恶意活动并破坏软件的运行，从而给软件公司造成数百万美元的财务损失。为了减少损失，安全社区引入了许多可靠且有效的漏洞检测系统，旨在尽早在开发或测试阶段检测软件漏洞。为了概括软件漏洞检测系统，现有调查讨论了常规方法和数据挖掘方法。这些方法被广泛使用，并且主要由传统检测技术组成。但是，他们缺乏关于新趋势机器学习方法的讨论，例如监督学习和深度学习技术。此外，现有研究未能讨论多年来对软件漏洞检测社区日益增长的研究兴趣。通过对此进行更多的讨论，我们可以预测并集中于软件漏洞检测中亟待解决的研究问题。为了缩小这些差距，本文介绍了软件漏洞检测的研究兴趣分类，包括方法，检测，功能，代码和数据集。研究兴趣类别展示了软件漏洞检测的当前趋势。分析表明，对解决方法和检测问题的兴趣很大，而对代码和数据集问题的兴趣很小。这表明，将来在代码和数据集问题方面仍有大量工作要做。此外，本文扩展了机器学习方法分类法，该方法用于检测软件漏洞，例如监督学习，半监督学习，集成学习和深度学习。根据分析，在软件漏洞检测社区中，有监督学习和深度学习方法正在发展，因为这些技术能够有效地检测缓冲区溢出，SQL注入和跨站点脚本等漏洞，并且检测性能高达95％。 F1分数。最后，本文以关于数据集，多漏洞检测，