
An automatic methodology of detecting vulnerabilities in software using Bi-directional long short-term memory residual neural network

Advisor: 汪柏

Abstract


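A zero-day attack exploits an undisclosed vulnerability, which hackers can use to adversely affect computer programs. In May 2017, the zero-day ransomware WannaCry caused a worldwide catastrophe, from knocking U.K. National Health Service hospitals offline to shutting down a Honda Motor Company plant in Japan [1], causing extensive economic damage around the world. WannaCry propagated through EternalBlue, a zero-day developed by the United States National Security Agency (NSA) for older Windows systems. Zero-day attacks continue to emerge, and this kind of cyber threat has drawn attention to detecting zero-day software vulnerabilities, which has become an urgent problem that must be solved. As hacking techniques advance, the number of vulnerabilities has been increasing exponentially. From 2010 to 2015, about 80,000 vulnerabilities were newly registered in CVE (Common Vulnerability Enumeration), and the number is increasing [3]. For software vulnerability detection, traditional solutions each have their own shortcomings. In static analysis (using pattern recognition), feature extraction usually depends on expert experience to define features manually. Manual analysis is not only error-prone but also time-consuming, while other existing solutions based on symbolic execution often run into the path explosion problem, which makes them difficult to apply to large projects. In this context, a new approach to automated vulnerability detection that is both efficient and accurate has become a matter of urgency. In recent years, many research teams have worked on automating vulnerability detection, for example NeuFuzzy [5], which uses deep learning to improve the efficiency of fuzz testing, and VulDeePecker (Vulnerability Deep Pecker), a deep-learning-based vulnerability detection method that eliminates the need to define features manually. In this thesis, we implemented a prototype of our framework based on an existing bidirectional LSTM for static analysis and evaluated it on two different test suites: LAVA-M and four real-world applications. The experimental results show that our framework can find more vulnerabilities than existing methods.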

Parallel Abstract


A zero-day attack exploits an undisclosed vulnerability, which hackers can use to adversely affect computer programs. In May 2017, the zero-day ransomware WannaCry caused a worldwide catastrophe, from knocking U.K. National Health Service hospitals offline to shutting down a Honda Motor Company plant in Japan [1], causing extensive economic damage around the world. WannaCry propagated through EternalBlue, a zero-day developed by the United States National Security Agency (NSA) for older Windows systems [2]. Zero-day attacks are still emerging, and this cyber threat has drawn attention to zero-day software vulnerability detection, which has become a critical problem. As hacking techniques become more advanced, vulnerabilities have been increasing exponentially. About 80,000 vulnerabilities were newly registered in CVE (Common Vulnerability Enumeration) from 2010 to 2015, and the number is increasing [3]. For software vulnerability detection, the traditional solutions each have their own shortcomings. Existing static analysis solutions such as pattern recognition often depend on expert experience to define features manually. Manual analysis is not only error-prone but also time-consuming. Other existing solutions based on symbolic execution often suffer from the path explosion problem, which makes them difficult to apply to large projects. In this context, a new way to automate vulnerability detection with both high efficiency and high accuracy has become a matter of urgency. In recent years, a number of research teams have committed themselves to automating vulnerability detection, for example NeuFuzzy [5], which uses deep learning to improve the efficiency of fuzz testing, and VulDeePecker (Vulnerability Deep Pecker), a vulnerability detection method based on deep learning that eliminates the need to define features manually.

In this paper, we implemented a prototype of our framework based on an existing bidirectional LSTM for static analysis and evaluated it on two different test suites: LAVA-M and four real-world applications. The experimental results showed that our framework can find more vulnerabilities than existing work. We have found 8 new security bugs in these applications, 6 of which have been assigned CVE IDs.

Index Terms: Software security, Deep Learning, zero-day, static analysis, software analysis.

References


[1] Honda halts Japan car plant after WannaCry virus hits computer network. June 2017. http://www.reuters.com/article/us-honda-cyberattack-idUSKBN19C0EI
[2] Ellen Nakashima and Craig Timberg. NSA officials worried about the day its potent hacking tool would get loose. Then it did. Washington Post, 2017.
[3] U.S. National Vulnerability Database. http://cve.mitre.org/cve/
[4] Zhen Li, Deqing Zou, Shouhuai Xu, Hai Jin, Yawei Zhu, Zhaoxuan Chen. SySeVR: A Framework for Using Deep Learning to Detect Software Vulnerabilities.
