![\"CVE](\"https:\/\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2019\/03\/CVE_statistics.jpg\" "\\"CVE_statistics.jpg\\"")
<\/figure>\n\n
Since these problems have existed for quite some time, there are many tools that automatically uncover vulnerabilities in code bases and help the developer build better software.<\/p>\n\n\n\n
Static <\/strong>analysers<\/b> find vulnerabilities without executing the code. Dynamic <\/strong>analysers<\/b> execute the program multiple times with different test inputs to uncover weaknesses while Symbolic execution<\/strong> replaces input data with symbolic values to analyse the control flow of the program. That way, every program execution path can be reproduced to uncover bugs or weaknesses. The drawback to this approach is that it is expensive to do, because it takes a lot of time. This doesn’t scale well for large code bases. [2]<\/p>\n\n\n\n All of these solutions are rule-based, which means that they can only detect a limited subset of errors. The rules have to be defined by security experts, which is a tedious and often error-prone task. To avoid these errors, multiple human experts have to be employed to define features and rules, which raises the cost of building these tools.<\/p>\n\n\n\n The advantage of Deep Learning algorithms is that they can do the feature extraction by themselves and alleviate human experts from those tasks [2]. Most importantly, they can learn vulnerability patterns on their own, provided they are fed the right training examples. In this Blog-Post, I will present a data-driven approach to solve the vulnerability detection problem with highly improved performance.<\/p>\n\n\n\n Every Machine Learning algorithm needs a lot of data to work properly. The first question to be answered is how finely grained does the collected data need to be. Does it suffice to only use single lines of code or functions or is it necessary to use complete classes as training data?<\/p>\n\n\n\n The approach described in VulDeePecker: A Deep Learning-Based System for Vulnerability Detection<\/em> by Zhen Et al.<\/em> [3] uses so-called Code Gadgets,<\/strong> which enable a finer granularity than the function-level approach, but still contain more information than single code lines. A Code Gadget consists of semantically related lines of code. To generate one, you have to identify a key point<\/em>, the center of a vulnerability and find the semantically related lines by analysing the control flow or data flow of the program (see Fig. 2). These key points might be function calls, arrays, pointers, etc. All of the Code Gadgets in [3] were generated using library\/API calls as key points. Zhen Et al. state that building a heuristic concept for mapping key points to vulnerabilities is beyond the scope of their present paper and remains to be further investigated. Additionally, Zhen Et al. focused on Buffer and resource management errors for vulnerabilities exclusively. [3]<\/p>\n\n\n\n This means that their method is restricted to a specific subset of two common vulnerability types that are related to library\/API calls. Any other vulnerability type or key point is not taken into account.<\/p>\n\n\n\n A broader approach is described in Automated Vulnerability Detection in Source Code Using Deep Representation Learning<\/em> by Rebecca L. Russel Et al. [2]. They analyse software on the function level and don’t restrict themselves to any specific subset of vulnerability types. Instead, they leave it up to the Neural Network to find vulnerability patterns in the function code. [2] <\/p>\n\n\n\n I am going to focus on this approach, going forward.<\/p>\n\n\n\n Since there are a lot of open-source projects, an obvious choice is to mine the needed program code from Git repositories. It is important to note that the quality of the code and the quality of the commit messages play a significant role to the overall quality of the training data. Repositories like the Linux kernel, Firefox, Thunderbird, SeaMonkey, Apache, etc. come to mind when it comes to training a vulnerability detection system for C\/C++ programs. [3]<\/p>\n\n\n\n To label code vulnerabilities at a function level, there are three possibilities: using a static analyser, using a dynamic analyser and commit message tagging. Dynamic analysis takes a lot of time and is therefore impractical for labelling large amounts of data. Commit message tagging doesn’t consume much time, but produces only a small amount of high quality labels. The reason for that is that the only reliable way of finding a high quality label in a commit message is through searching for keywords like “fixed”, “buggy”, etc. and then extracting the fixed function code. This rules out most commit messages and doesn’t yield enough data points to train a model on its own.<\/p>\n\n\n\n That’s why Rebecca L. Russel Et al. [2] combined this approach with using multiple static analysers and then letting a couple of security researchers manually prune the results to exclude false positives in the labels. This resulted in two overall labels: vulnerable (1)<\/strong> and not vulnerable (0)<\/strong>. [2]<\/p>\n\n\n\n How can you represent a program in a form that is understood by a Neural Network? The data has to be in a numerical vector format. This means that we need to find a numerical representation of our program code that contains all of the information needed to detect vulnerabilities. This problem has been solved in Natural Language Processing (NLP) with Word Embeddings. In NLP, Vector Space Models (VSMs) are used to represent words in a Pre-trained Word Embeddings already exist for normal NLP applications, but not for programming languages. This means that for any task in relation to classifying program code, Word Embeddings have to be trained from scratch. <\/p>\n\n\n\n The first step is to build a vocabulary that contains all of the tokens used by the specific programming language. It makes sense to use a Lexer to build an intermediate representation of the code that uses a much smaller vocabulary size and consequently reduce the dimensionality of the training examples. That way, a lot less data is needed to train the model. All of the necessary patterns are retained in a lexed representation of the program code. An example would be the semantic meaning of string literals. Every string literal has roughly the same word embedding in the aforementioned The approach for Word Embeddings used in this case is word2vec<\/strong>. All of the tokens from the lexed code are embedded into a The best results were achieved with a representation of size To perform the first classification of the word vectors, CNNs are used. Their overall performance on this task is better than the performance of RNNs [2]. Additionally, you can visualise, which features they focus on for the class decision. I will refer to this point later. <\/p>\n\n\n\n The overall architecture can be described as follows: to extract the features, only one Convolutional Layer is used. This layer contains 512 filters with a filter size of All of the inputs are restricted to a size of 500px. If an input matrix is smaller than that, it is padded with zeroes. Overall, a mini-batch size of 128 proved to give the best results.<\/p>\n\n\n\n Since the dataset is highly unbalanced with an overwhelming majority of the data being not vulnerable (0) <\/strong>the loss function has to weigh data points labeled as vulnerable much stronger than invulnerable ones. A surprising finding is that an ensemble classifier like a random forest performs better than the dense layers of the CNN. That way, the feature extractor of the CNN is used to extract representations that are then fed into a random forest for classification. [2]<\/p>\n\n\n\n As described before, CNNs perform better than RNNs. Additionally, they have a couple of other advantages over RNNs: they train faster since their operations can be executed concurrently, they need fewer parameters to train and don\u2019t suffer from a vanishing gradient problem. As mentioned before, the Overall best performance can be achieved with the CNN for feature extraction and a Random Forest for classification (see Fig. 6 and 7). All of the ML models by far outperform the three static analysers (see Fig. 7). [2]<\/p>\n\n\n\n <\/p>\n<\/div>\n\n\n\n <\/p>\n<\/div>\n<\/div>\n\n\n\n The advantage of Machine-Learning-based vulnerability detection tools is that they can analyse large code bases in a relatively short amount of time without the need to compile them first. Static analysers only return a number of vulnerabilities they found, but no posterior probability that indicates how reliable their findings are. With a Machine Learning model, a threshold can be defined, which defines how high the posterior probability needs to be for the output to be considered a relevant finding. This can be especially useful if a large code base has to be evaluated and these findings have to be reliable instead of complete. In contrast, the threshold can be lowered if the tool is used on a critical system and every possible vulnerability has to be found. The Data-Science-specific description of this is tuning the model for better recall vs. better precision. <\/p>\n\n\n\n As mentioned before, CNNs have the advantage over RNNs that the features used for classification can be visualised, so that the relevant code snippets can be highlighted. A good approach to do that is the Grad-CAM algorithm, described by Ramprasaath R. Selvaraju Et al. in [10]. RNNs don\u2019t offer that possibility since they don’t have a sparsity constraint in their hidden layers.<\/p>\n\n\n\n All of the classifiers in [2, 3, 11] perform much better on vulnerability detection tasks than the rule- or pattern-based analysers, that are used today [3]. These tools either match with a vulnerability pattern or not. They don’t return a probability of accurate their findings are. Developers have to largely prune these findings by themselves, which leads to more development time and less improvement in security since most developers aren\u2019t security experts. <\/p>\n\n\n\n Machine Learning algorithms return findings with an posterior probability that indicates how reliable the findings are. This allows developers to instantly see, which findings have to be fixed and which findings probably are false positives. Also, the models can be tuned for better recall vs. better precision, meaning that working with a large code base, the output threshold can be raised, so that only the most relevant findings are returned. Working with critical systems, the threshold can be lowered and the findings will be more complete along with returning less relevant ones.<\/p>\n\n\n\n All of this hugely depends on the data with which the model is being trained. If the training data is of high quality, the model will perform very well. If the training data is of low quality, the model will perform very badly, independent of how advanced the model architecture is. <\/p>\n\n\n\n A model only needs to be trained once for every programming language and can then be used across many projects. Of course, these models need to be regularly fine-tuned with new vulnerabilities. But this is no huge effort and problem calls for public vulnerability datasets that are regularly updated to train ML-based vulnerability detection models. If done properly, common vulnerabilities could easily be avoided in the future.<\/p>\n\n\n\n Today’s software is more vulnerable to cyber attacks than ever before. The number of recorded vulnerabilities has almost constantly increased since the early 90s. The advantage of Deep Learning algorithms is that they can learn vulnerability patterns on their own and achieve a much better vulnerability detection performance. In this Blog-Post, I will present a data-driven approach to solve the vulnerability detection problem with highly improved performance.<\/p>\n","protected":false},"author":470,"featured_media":5808,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1,652,661],"tags":[106,119,57,27,125,218],"ppma_author":[733],"class_list":["post-5576","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-allgemein","category-artificial-intelligence","category-deep-learning","tag-artificial-intelligence","tag-deep-learning","tag-machine-learning","tag-security","tag-vulnerabilities","tag-vulnerability-detection"],"aioseo_notices":[],"jetpack_featured_media_url":"https:\/\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2019\/03\/luca-bravo-217276-unsplash.jpg","jetpack-related-posts":[{"id":20850,"url":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/2021\/08\/30\/hafnium-exchange-server-attacks-what-happened-and-how-to-protect-yourself\/","url_meta":{"origin":5576,"position":0},"title":"HAFNIUM EXCHANGE SERVER ATTACKS – What happened and how to protect yourself","author":"Jannik Smidt","date":"30. August 2021","format":false,"excerpt":"an article by Carina Szkudlarek, Niklas Schildhauer and Jannik Smidt This post is going to review the zero day exploit of the Microsoft Exchange Servers starting in January 2021.It will look into the methods of SSRF and the exploitation of mistakes in the deserialization of input values to procure privileged\u2026","rel":"","context":"In "Secure Systems"","block_context":{"text":"Secure Systems","link":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/category\/system-designs\/secure-systems\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2021\/08\/5.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2021\/08\/5.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2021\/08\/5.png?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2021\/08\/5.png?resize=700%2C400&ssl=1 2x"},"classes":[]},{"id":10415,"url":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/2020\/08\/19\/ai-cyberattacks-deepfakes\/","url_meta":{"origin":5576,"position":1},"title":"The Dark Side of AI – Part 1: Cyberattacks and Deepfakes","author":"Micha Christ","date":"19. August 2020","format":false,"excerpt":"Introduction Who hasn't seen a cinema production in which an AI-based robot threatens individual people or the entire human race? It is in the stars when or if such a technology can really be developed. With this series of blog entries we want to point out that AI does not\u2026","rel":"","context":"In "Allgemein"","block_context":{"text":"Allgemein","link":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/category\/allgemein\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2020\/08\/screen-shot-2018-08-03-at-10-34-32-1.jpg?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2020\/08\/screen-shot-2018-08-03-at-10-34-32-1.jpg?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2020\/08\/screen-shot-2018-08-03-at-10-34-32-1.jpg?resize=525%2C300&ssl=1 1.5x"},"classes":[]},{"id":3084,"url":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/2017\/09\/05\/cloud-security-part-2-the-vulnerabilities-and-threats-of-the-cloud-current-scientific-work-on-cloud-security-conclusion-and-outlook\/","url_meta":{"origin":5576,"position":2},"title":"Cloud Security \u2013 Part 2: The vulnerabilities and threats of the cloud, current scientific work on cloud security, conclusion and outlook","author":"Andreas Fliehr","date":"5. September 2017","format":false,"excerpt":"The second of two blog posts about cloud security. This post covers the vulnerabilities and threats of the cloud, the current scientific work on cloud security and a conclusion and an outlook.","rel":"","context":"In "Cloud Technologies"","block_context":{"text":"Cloud Technologies","link":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/category\/scalable-systems\/cloud-technologies\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2017\/09\/Structure-of-Nexen.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2017\/09\/Structure-of-Nexen.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2017\/09\/Structure-of-Nexen.png?resize=525%2C300&ssl=1 1.5x"},"classes":[]},{"id":26825,"url":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/2025\/02\/26\/defense-in-depth-in-an-enterprise-environment\/","url_meta":{"origin":5576,"position":3},"title":"Defense in-depth in an enterprise environment","author":"Steffen Schawjinski","date":"26. February 2025","format":false,"excerpt":"To run a successful business in the IT market, you have to have some sort of Cybersecurity. To forgo security does not only hurt the reputation immensely once a data breach happens, a data breach is also very costly. According to Forbes[^1] and IBM[^2] the average cost of a data\u2026","rel":"","context":"In "Allgemein"","block_context":{"text":"Allgemein","link":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/category\/allgemein\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2025\/02\/blog-pyramid-pain-01-768x432-1.jpg?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2025\/02\/blog-pyramid-pain-01-768x432-1.jpg?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2025\/02\/blog-pyramid-pain-01-768x432-1.jpg?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2025\/02\/blog-pyramid-pain-01-768x432-1.jpg?resize=700%2C400&ssl=1 2x"},"classes":[]},{"id":26378,"url":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/2024\/07\/25\/secure-code-fast-delivery-the-power-of-devsecops\/","url_meta":{"origin":5576,"position":4},"title":"Secure Code, Fast Delivery: The Power of DevSecOps","author":"Furkan Erdogan","date":"25. July 2024","format":false,"excerpt":"In today\u2019s fast-paced digital world, security breaches are more than just a risk; they\u2019re almost a guarantee if you don\u2019t stay ahead. Imagine being able to develop software at lightning speed without compromising on security. Sounds like a dream, right? Welcome to the world of DevSecOps! If you\u2019re curious about\u2026","rel":"","context":"In "Allgemein"","block_context":{"text":"Allgemein","link":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/category\/allgemein\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2024\/07\/grafik.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2024\/07\/grafik.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2024\/07\/grafik.png?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2024\/07\/grafik.png?resize=700%2C400&ssl=1 2x, https:\/\/i0.wp.com\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2024\/07\/grafik.png?resize=1050%2C600&ssl=1 3x, https:\/\/i0.wp.com\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2024\/07\/grafik.png?resize=1400%2C800&ssl=1 4x"},"classes":[]},{"id":24427,"url":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/2023\/03\/03\/ai-and-scaling-the-compute-for-the-new-moores-law\/","url_meta":{"origin":5576,"position":5},"title":"AI and Scaling the Compute for the new Moore\u2019s Law","author":"Marvin Blessing","date":"3. March 2023","format":false,"excerpt":"AI and Scaling the Compute becomes more relevant as the strive for larger language models and general purpose AI continues. The future of the trend is unknown as the rate of doubling the compute outpaces Moore's Law rate of every two year to a 3.4 month doubling. IntroductionRequiring compute beyond\u2026","rel":"","context":"In "Artificial Intelligence"","block_context":{"text":"Artificial Intelligence","link":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/category\/artificial-intelligence\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2023\/03\/image-4.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2023\/03\/image-4.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2023\/03\/image-4.png?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2023\/03\/image-4.png?resize=700%2C400&ssl=1 2x, https:\/\/i0.wp.com\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2023\/03\/image-4.png?resize=1050%2C600&ssl=1 3x"},"classes":[]}],"jetpack_sharing_enabled":true,"authors":[{"term_id":733,"user_id":470,"is_guest":0,"slug":"db131","display_name":"Daniel Bruckner","avatar_url":"https:\/\/secure.gravatar.com\/avatar\/fd17f5d0a436f830ada164a5a4a50ba08db5072686a613dbfee82ebb6e1c7291?s=96&d=mm&r=g","0":null,"1":"","2":"","3":"","4":"","5":"","6":"","7":"","8":""}],"_links":{"self":[{"href":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/wp-json\/wp\/v2\/posts\/5576","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/wp-json\/wp\/v2\/users\/470"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/wp-json\/wp\/v2\/comments?post=5576"}],"version-history":[{"count":184,"href":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/wp-json\/wp\/v2\/posts\/5576\/revisions"}],"predecessor-version":[{"id":5814,"href":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/wp-json\/wp\/v2\/posts\/5576\/revisions\/5814"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/wp-json\/wp\/v2\/media\/5808"}],"wp:attachment":[{"href":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/wp-json\/wp\/v2\/media?parent=5576"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/wp-json\/wp\/v2\/categories?post=5576"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/wp-json\/wp\/v2\/tags?post=5576"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/wp-json\/wp\/v2\/ppma_author?post=5576"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}What about the data?<\/h2>\n\n\n\n
Granularity of the data<\/h3>\n\n\n\n
![\"\"](\"https:\/\/i2.wp.com\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2019\/03\/Code-Gadgets.png?fit=656%2C299&ssl=1\")
<\/figcaption><\/figure>\n\n\n\nWhere to get the data from?<\/h3>\n\n\n\n
How do we label the data?<\/h3>\n\n\n\n
Available datasets for vulnerability detection <\/h4>\n\n\n\n
How to build effective program representations<\/h2>\n\n\n\n
![\"n\"](\"https:\/\/s0.wp.com\/latex.php?latex=n&bg=ffffff&fg=000&s=0&c=20201002\")
![\"k\"](\"https:\/\/s0.wp.com\/latex.php?latex=k&bg=ffffff&fg=000&s=0&c=20201002\")
![\"Word2vec\"\/](\"https:\/\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2019\/03\/word2vec.png\")
![\"k](\"https:\/\/s0.wp.com\/latex.php?latex=k+%3D+13&bg=ffffff&fg=000&s=0&c=20201002\")
![\"Embeddings](\"https:\/\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2019\/03\/Embeddings_1.png\")
How do we classify our Word Embeddings?<\/h2>\n\n\n\n
![\"m](\"https:\/\/s0.wp.com\/latex.php?latex=m+%2A+l&bg=ffffff&fg=000&s=0&c=20201002\")
![\"m\"](\"https:\/\/s0.wp.com\/latex.php?latex=m&bg=ffffff&fg=000&s=0&c=20201002\")
![\"TextCNN\"\/](\"https:\/\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2019\/03\/TextCNN.png\")
So, how well does our new model perform?<\/h2>\n\n\n\n
![\"\"](\"https:\/\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2019\/03\/precision_recall.png\")
![\"\"](\"https:\/\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2019\/03\/TP_FP.png\")
The Conclusion<\/h2>\n\n\n\n
Sources and further reading:<\/h2>\n\n\n\n
doi: 10.1109\/ICMLA.2018.00120<\/li>
D. Parikh, and D. Batra. “Grad-cam: Why did you say that?
visual explanations from deep networks via gradient-based
localization<\/em>.” arXiv:1611.01646, 2016.<\/li>