A New Approach to Locate Software Vulnerabilities Using Code Metrics

Zagane, Mohammed; Abdi, Mustapha Kamel; Alenezi, Mamdouh

doi:10.4018/ijsi.2020070106

Cited by 3 publications

(3 citation statements)

References 19 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Code metrics were widely used to solve challenging problems in the field of software engineering such as defect prediction [10], [11], [12], [13], [14], [15], [16] and vulnerability prediction [17], [18], [19], [20], [21], [22], [23]. This is motivated by the fact that code metrics are known for their ability to quantify software attributes such as size, complexity and coupling which are proven in practice to be correlated with defects and vulnerabilities [24].…”

Section: Related Workmentioning

confidence: 99%

Enhancing Software Co-Change Prediction: Leveraging Hybrid Approaches for Improved Accuracy

Zagane,

Alenezi

2024

IEEE Access

Self Cite

View full text Add to dashboard Cite

Accurate prediction of co-changes in software systems is crucial for efficient development and maintenance, especially as systems grow in complexity. While deep learning-based approaches have shown promise, they often struggle with diverse and complex data. In this paper, we present a novel hybrid approach that combines traditional software engineering methods with deep learning techniques to improve co-change prediction accuracy. Our approach leverages software metrics and deep learning models, incorporating the unique characteristics induced by naming conventions, such as PascalCase and camelCase, used by developers for naming consistency. By utilizing char n-gram embedding and sub-token context, we enrich the vector representations of source file names, capturing relationships and dependencies between files. We comprehensively evaluate our hybrid approach using three open-source software projects. The findings of this study have significant implications for the development of more effective software co-change prediction tools and techniques, enabling better decision-making in software development and maintenance processes. Our approach outperforms traditional software engineering methods and deep learning-based approaches, demonstrating its potential to significantly improve software development and maintenance efficiency.

show abstract

Section: Related Workmentioning

confidence: 99%

Enhancing Software Co-Change Prediction: Leveraging Hybrid Approaches for Improved Accuracy

Zagane,

Alenezi

2024

IEEE Access

Self Cite

View full text Add to dashboard Cite

show abstract

“…The second dataset used in this study is called CMD (Code Metrics dataset), which was proposed by Ref. [4], and it is publicly available online [33]. The explanation of each dataset is given in the following sections.…”

Section: Dataset Preparationmentioning

confidence: 99%

“…Exploiting software vulnerabilities causes a large number of information security issues. Manually identifying and detecting these security flaws is a time-consuming, tiresome, and expensive task requiring significant time and money [4]. Recently, many researchers have become interested in automatic vulnerability prediction (AVP) using deep learning (DL) and machine learning (ML) techniques [5].…”

Section: Introductionmentioning

confidence: 99%

A deep learning‐based approach for software vulnerability detection using code metrics

Subhan

et al. 2022

IET Software

View full text Add to dashboard Cite

Vulnerabilities can have devastating effects on information security, affecting the economy, social stability, and national security. The idea of automatic vulnerability detection has always attracted researchers. From traditional manual vulnerability mining techniques to static and dynamic detection, all rely on human experts for feature definition. The rapid development of machine learning and deep learning has alleviated the tedious task of manually defining features by human experts while reducing the lack of objectivity caused by human subjective awareness. However, it is still necessary to find an objective characterisation method to define the features of vulnerabilities. Therefore, the authors use code metrics for code characterisation, sequences of metrics representing code. To use code metrics for vulnerability detection, a deep learning‐based vulnerability detection approach that uses a composite neural network of convolutional neural network (CNN) with long short‐term memory (LSTM) is proposed. The authors conduct experiments independently using the proposed approach for CNN‐LSTM CNN, LSTM, gated recurrent units (GRU), and deep neural network (DNN). The authors’ experimental results show that CNN‐LSTM has a high precision of 92%, a recall of 99%, and an accuracy of 91%. In terms of the F1‐score, it is 95%, compared to previous research results, which indicated an improvement of 18%. Compared to other deep learning‐based vulnerability detection models, the authors’ proposed model produced a lower false‐positive rate, a lower miss rate, and improved accuracy.

show abstract

Hybrid Representation to Locate Vulnerable Lines of Code

Zagane

Alenezi

Abdi

2022

International Journal of Software Innovation

Self Cite

View full text Add to dashboard Cite

Locating vulnerable lines of code in large software systems needs huge efforts from human experts. This explains the high costs in terms of budget and time needed to correct vulnerabilities. To minimize these costs, automatic solutions of vulnerabilities prediction have been proposed. Existing machine learning (ML)-based solutions face difficulties in predicting vulnerabilities in coarse granularity and in defining suitable code features that limit their effectiveness. To addressee these limitations, in the present work, the authors propose an improved ML-based approach using slice-based code representation and the technique of TF-IDF to automatically extract effective features. The obtained results showed that combining these two techniques with ML techniques allows building effective vulnerability prediction models (VPMs) that locate vulnerabilities in a finer granularity and with excellent performances (high precision (>98%), low FNR (<2%) and low FPR (<3%) which outperforms software metrics and are equivalent to the best performing recent deep learning-based approaches.

show abstract

A New Approach to Locate Software Vulnerabilities Using Code Metrics

Cited by 3 publications

References 19 publications

Enhancing Software Co-Change Prediction: Leveraging Hybrid Approaches for Improved Accuracy

Enhancing Software Co-Change Prediction: Leveraging Hybrid Approaches for Improved Accuracy

A deep learning‐based approach for software vulnerability detection using code metrics

Hybrid Representation to Locate Vulnerable Lines of Code

Contact Info

Product

Resources

About