Learning to Identify Security-Related Issues Using Convolutional Neural Networks

Cited by 19 publications

(14 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Qin and Sun (2018) propose to use word embeddings of the title and description of the issue as features and use these to train a Long Short-Term Memory (LSTM). Palacio et al (2019) propose to use the SecureReqNet (shallow) 2 Kallis et al (2019) created the tool Ticket Tagger that can be directly integrated into GitHub as a recommendation system for issue type classification. The Ticket Tagger uses the fastText Facebook AI Research (2019) algorithm, which uses the text as input and internally calculates a feature representation that is based on n-grams, but not of the words, but of the letters within the words.…”

Section: Supervised Approachesmentioning

confidence: 99%

See 1 more Smart Citation

On the feasibility of automated prediction of bug and non-bug issues

Herbold

Trautsch

2020

Empir Software Eng

View full text Add to dashboard Cite

Context Issue tracking systems are used to track and describe tasks in the development process, e.g., requested feature improvements or reported bugs. However, past research has shown that the reported issue types often do not match the description of the issue. Objective We want to understand the overall maturity of the state of the art of issue type prediction with the goal to predict if issues are bugs and evaluate if we can improve existing models by incorporating manually specified knowledge about issues. Method We train different models for the title and description of the issue to account for the difference in structure between these fields, e.g., the length. Moreover, we manually detect issues whose description contains a null pointer exception, as these are strong indicators that issues are bugs. Results Our approach performs best overall, but not significantly different from an approach from the literature based on the fastText classifier from Facebook AI Research. The small improvements in prediction performance are due to structural information about the issues we used. We found that using information about the content of issues in form of null pointer exceptions is not useful. We demonstrate the usefulness of issue type prediction through the example of labelling bugfixing commits. Conclusions Issue type prediction can be a useful tool if the use case allows either for a certain amount of missed bug reports or the prediction of too many issues as bug is acceptable.

show abstract

Section: Supervised Approachesmentioning

confidence: 99%

“…The network is still a deep neural network, the (shallow) means that this is the less deep variant that was used in byPalacio et al (2019), because they found that this performs better. neural network based on work byHan et al (2017) for the labeling of issues as vulnerabilities.…”

mentioning

confidence: 99%

On the feasibility of automated prediction of bug and non-bug issues

Herbold

Trautsch

2020

Empir Software Eng

View full text Add to dashboard Cite

show abstract

“…We also added the "I Don't Know" option to the Likert questions to not force the respondents to answer the statements that they were unsure about or were unclear to them. We leveraged the survey studies [37], [38] used to evaluate the usefulness of (the outputs of) ML/DLbased approaches and tools in the software engineering community to design the following statements.…”

Section: Approachmentioning

confidence: 99%

Supporting Developers in Addressing Human-centric Issues in Mobile Apps

Khalajzadeh¹,

Shahin²,

Obie³

et al. 2022

Preprint

View full text Add to dashboard Cite

Failure to consider the characteristics, limitations, and abilities of diverse end-users during mobile apps development may lead to problems for end-users such as accessibility and usability issues. We refer to this class of problems as human-centric issues. Despite their importance, there is a limited understanding of the types of human-centric issues that are encountered by end-users and taken into account by the developers of mobile apps. In this paper, we examine what human-centric issues end-users report through Google App Store reviews, which human-centric issues are a topic of discussion for developers on GitHub, and whether end-users and developers discuss the same human-centric issues. We then investigate whether an automated tool might help detect such human-centric issues and whether developers would find such a tool useful. To do this, we conducted an empirical study by extracting and manually analysing a random sample of 1,200 app reviews and 1,200 issue comments from 12 diverse projects that exist on both Google App Store and GitHub. Our analysis led to a taxonomy of human-centric issues that categorises human-centric issues into three-high levels: App Usage, Inclusiveness, and User Reaction. We then developed machine learning and deep learning models that are promising in automatically identifying and classifying human-centric issues from app reviews and developer discussions. A survey of mobile app developers shows that the automated detection of human-centric issues has practical applications. Guided by our findings, we highlight some implications and possible future work to further understand and incorporate human-centric issues in mobile apps development.

show abstract

“…We recognized 21 papers proposing solutions to various requirements classification tasks. Most of them focused on Functional/Non-Functional classification tasks [39,40,41,10,11,42,43,44,45,46,47,48,49], while the remaining focused on other classification tasks: security/Not security [50,51,52], topic-based classification [53], and classification based on requirements importance level [54].…”

Section: Requirements Analysismentioning

confidence: 99%

The Use of NLP-Based Text Representation Techniques to Support Requirement Engineering Tasks: A Systematic Mapping Review

Sonbol,

Rebdawi,

Ghneim

2022

Preprint

View full text Add to dashboard Cite

Natural Language Processing (NLP) is widely used to support the automation of different Requirements Engineering (RE) tasks. Most of the proposed approaches start with various NLP steps that analyze requirements statements, extract their linguistic information, and convert them to easy-toprocess representations, such as lists of features or embedding-based vector representations. These NLP-based representations are usually used at a later stage as inputs for machine learning techniques or rule-based methods. Thus, requirements representations play a major role in determining the accuracy of different approaches. In this paper, we conducted a survey in the form of a systematic literature mapping (classification) to find out ( 1) what are the representations used in RE tasks literature, ( 2) what is the main focus of these works, (3) what are the main research directions in this domain, and ( 4) what are the gaps and potential future directions. After compiling an initial pool of 2,227 papers, and applying a set of inclusion/exclusion criteria, we obtained a final pool containing 104 relevant papers. Our survey shows that the research direction has changed from the use of lexical and syntactic features to the use of advanced embedding techniques, especially in the last two years. Using advanced embedding representations has proved its effectiveness in most RE tasks (such as requirement analysis, extracting requirements from reviews and forums, and semantic-level quality tasks). However, representations that are based on lexical and syntactic features are still more appropriate for other RE tasks (such as modeling and syntax-level quality tasks) since they provide the required information for the rules and regular expressions used when handling these tasks. In addition, we identify four gaps in the existing literature, why they matter, and how future research can begin to address them.

show abstract

Learning to Identify Security-Related Issues Using Convolutional Neural Networks

Cited by 19 publications

References 18 publications

On the feasibility of automated prediction of bug and non-bug issues

On the feasibility of automated prediction of bug and non-bug issues

Supporting Developers in Addressing Human-centric Issues in Mobile Apps

The Use of NLP-Based Text Representation Techniques to Support Requirement Engineering Tasks: A Systematic Mapping Review

Contact Info

Product

Resources

About