Extracting rules for vulnerabilities detection with static metrics using machine learning

Cited by: 14
Authors
Gupta, Aakanshi [1]
Suri, Bharti [2]
Kumar, Vijay [3]
Jain, Pragyashree [4]
Affiliations
[1] GGS Indraprastha Univ, ASET, New Delhi, India
[2] GGS Indraprastha Univ, Univ Sch ICT, New Delhi, India
[3] Amity Univ Uttar Pradesh, Dept Math, Amity Inst Appl Sci, Noida, India
[4] Amity Sch Engn & Technol, New Delhi, India
Keywords
Software metrics; Machine learning; Static code analysis; Supervised learning;
DOI
10.1007/s13198-020-01036-0
Chinese Library Classification number
T [Industrial Technology];
Discipline classification code
08;
Abstract
Software quality is the prime solicitude in software engineering and vulnerability is one of the major threats in this respect. Vulnerability hampers the security of the software and also impairs the quality of the software. In this paper, we have conducted experimental research on evaluating the utility of machine learning algorithms to detect the vulnerabilities. To execute this experiment, a set of software metrics was extracted using machine learning in the form of easily accessible laws. Here, 32 supervised machine learning algorithms have been considered for the 3 most occurred vulnerabilities, namely: Lawofdemeter, BeanMemberShouldSerialize, and LocalVariablecouldBeFinal in a software system. Using the J48 machine learning algorithm in this research, up to 96% accurate results in vulnerability detection were achieved. The results are validated against tenfold cross validation and also, the statistical parameters like ROC curve, Kappa statistics, Recall, Precision, etc. have been used for analyzing the result.
Pages: 65 / 76
Number of pages: 12
Related papers
50 in total
  • [1] Extracting rules for vulnerabilities detection with static metrics using machine learning
    Aakanshi Gupta
    Bharti Suri
    Vijay Kumar
    Pragyashree Jain
    [J]. International Journal of System Assurance Engineering and Management, 2021, 12 : 65 - 76
  • [2] Machine Learning: Research on Detection of Network Security Vulnerabilities by Extracting and Matching Features
    Xue Y.
    [J]. Journal of Cyber Security and Mobility, 2023, 12 (05): : 697 - 710
  • [3] Deep Learning for Software Vulnerabilities Detection Using Code Metrics
    Zagane, Mohammed
    Abdi, Mustapha Kamel
    Alenezi, Mamdouh
    [J]. IEEE ACCESS, 2020, 8 : 74562 - 74570
  • [4] Automatic Detection and Correction of Vulnerabilities using Machine Learning
    Tommy, Robin
    Sundeep, Gullapudi
    Jose, Hima
    [J]. 2017 INTERNATIONAL CONFERENCE ON CURRENT TRENDS IN COMPUTER, ELECTRICAL, ELECTRONICS AND COMMUNICATION (CTCEEC), 2017, : 1062 - 1065
  • [5] Extracting Rules for Black Jack Using Machine Learning and Fuzzy Systems
    Cardoso, Karla R.
    Cintra, Marcos E.
    Basgalupp, Marcio
    [J]. 2018 IEEE INTERNATIONAL CONFERENCE ON FUZZY SYSTEMS (FUZZ-IEEE), 2018,
  • [6] Machine Learning to Combine Static Analysis Alerts with Software Metrics to Detect Security Vulnerabilities: An Empirical Study
    Pereira, Jose D'Abruzzo
    Campos, Joao R.
    Vieira, Marco
    [J]. 2021 17TH EUROPEAN DEPENDABLE COMPUTING CONFERENCE (EDCC 2021), 2021, : 1 - 8
  • [7] Detection of Vulnerabilities by Incorrect Use of Variable Using Machine Learning
    Park, Jihyun
    Shin, Jaeyoung
    Choi, Byoungju
    [J]. ELECTRONICS, 2023, 12 (05)
  • [8] Vulnerable Code Detection Using Software Metrics and Machine Learning
    Medeiros, Nadia
    Ivaki, Naghmeh
    Costa, Pedro
    Vieira, Marco
    [J]. IEEE ACCESS, 2020, 8 : 219174 - 219198
  • [9] Early Detection of Vulnerabilities from News Websites using Machine Learning Models
    Iorga, Denis
    Corlatescu, Dragos
    Grigorescu, Octavian
    Sandescu, Cristian
    Dascalu, Mihai
    Rughinis, Razvan
    [J]. 2020 19TH ROEDUNET CONFERENCE: NETWORKING IN EDUCATION AND RESEARCH (ROEDUNET), 2020,
  • [10] Predicting Phishing Vulnerabilities Using Machine Learning
    Rutherford, Sarah
    Lin, Kevin
    Blaine, Raymond W.
    [J]. SOUTHEASTCON 2022, 2022, : 779 - 786