Software vulnerability detection is critical in software security because it
identifies potential bugs in software systems, enabling immediate remediation
and mitigation measures to be implemented before they may be exploited.
Automatic vulnerability identification is important because it can evaluate
large codebases more efficiently than manual code auditing. Many Machine
Learning (ML) and Deep Learning (DL) based models for detecting vulnerabilities
in source code have been presented in recent years. However, a survey that
summarises, classifies, and analyses the application of ML/DL models for
vulnerability detection is missing. It may be difficult to discover gaps in
existing research and potential for future improvement without a comprehensive
survey. This could result in essential areas of research being overlooked or
under-represented, leading to a skewed understanding of the state of the art in
vulnerability detection. This work address that gap by presenting a systematic
survey to characterize various features of ML/DL-based source code level
software vulnerability detection approaches via five primary research questions
(RQs). Specifically, our RQ1 examines the trend of publications that leverage
ML/DL for vulnerability detection, including the evolution of research and the
distribution of publication venues. RQ2 describes vulnerability datasets used
by existing ML/DL-based models, including their sources, types, and
representations, as well as analyses of the embedding techniques used by these
approaches. RQ3 explores the model architectures and design assumptions of
ML/DL-based vulnerability detection approaches. RQ4 summarises the type and
frequency of vulnerabilities that are covered by existing studies. Lastly, RQ5
presents a list of current challenges to be researched and an outline of a
potential research roadmap that highlights crucial opportunities for future
work