Please use this identifier to cite or link to this item:
https://hdl.handle.net/10316/101274
Field | Value |
---|---|
Title | Vulnerable Code Detection Using Software Metrics and Machine Learning |
Authors | Medeiros, Nadia; Ivaki, Naghmeh; Costa, Pedro; Vieira, Marco |
Keywords | Application scenarios; machine learning; software metrics; software security; security vulnerabilities |
Issue Date | 2020 |
Journal, periodical, book or event title | IEEE Access |
Volume | 8 |
Abstract | Software metrics are widely-used indicators of software quality and several studies have shown that such metrics can be used to estimate the presence of vulnerabilities in the code. In this paper, we present a comprehensive experiment to study how effective software metrics can be to distinguish the vulnerable code units from the non-vulnerable ones. To this end, we use several machine learning algorithms (Random Forest, Extreme Boosting, Decision Tree, SVM Linear, and SVM Radial) to extract vulnerability-related knowledge from software metrics collected from the source code of several representative software projects developed in C/C++ (Mozilla Firefox, Linux Kernel, Apache HTTPd, Xen, and Glibc). We consider different combinations of software metrics and diverse application scenarios with different security concerns (e.g., highly critical or non-critical systems). This experiment contributes to understanding whether software metrics can effectively be used to distinguish vulnerable code units in different application scenarios, and how can machine learning algorithms help in this regard. The main observation is that using machine learning algorithms on top of software metrics helps to indicate vulnerable code units with a relatively high level of confidence for security-critical software systems (where the focus is on detecting the maximum number of vulnerabilities, even if false positives are reported), but they are not helpful for low-critical or non-critical systems due to the high number of false positives (that bring an additional development cost frequently not affordable). |
URI | https://hdl.handle.net/10316/101274 |
ISSN | 2169-3536 |
DOI | 10.1109/ACCESS.2020.3041181 |
Rights | openAccess |
Appears in Collections | I&D CISUC - Artigos em Revistas Internacionais |

Files in This Item:

File | Description | Size | Format | |
---|---|---|---|---|
Vulnerable_Code_Detection_Using_Software_Metrics_and_Machine_Learning.pdf | | 2.79 MB | Adobe PDF | View/Open |

SCOPUS™ citations: 11 (checked on 17 Nov 2022)
Page views: 70 (checked on 15 May 2024)
Downloads: 75 (checked on 15 May 2024)
This item is licensed under a Creative Commons License