Machine Learning Methods for Software Vulnerability Detection

Chernis, Boris; Verma, Rakesh M.

doi:10.1145/3180445.3180453

Cited by 51 publications

(32 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…It is used for the protection of secret data or control-flow graphs (CFGs) of a program. [113] Machine learning methods e contribution of this paper is a methodology for analyzing features from C source code to classify functions as vulnerable or nonvulnerable.…”

Section: Hybrid Reputation Modelmentioning

confidence: 99%

Assessing Security of Software Components for Internet of Things: A Systematic Review and Future Directions

Liao

Nazir

Khan

et al. 2021

Security and Communication Networks

View full text Add to dashboard Cite

Software component plays a significant role in the functionality of software systems. Component of software is the existing and reusable parts of a software system that is formerly debugged, confirmed, and practiced. The use of such components in a newly developed software system can save effort, time, and many resources. Due to the practice of using components for new developments, security is one of the major concerns for researchers to tackle. Security of software components can save the software from the harm of illegal access and damages of its contents. Several existing approaches are available to solve the issues of security of components from different perspectives in general while security evaluation is specific. A detailed report of the existing approaches and techniques used for security purposes is needed for the researchers to know about the approaches. In order to tackle this issue, the current research presents a systematic literature review (SLR) of the present approaches used for assessing the security of software components in the literature by practitioners to protect software systems for the Internet of Things (IoT). The study searches the literature in the popular and well-known libraries, filters the relevant literature, organizes the filter papers, and extracts derivations from the selected studies based on different perspectives. The proposed study will benefit practitioners and researchers in support of the report and devise novel algorithms, techniques, and solutions for effective evaluation of the security of software components.

show abstract

Section: Hybrid Reputation Modelmentioning

confidence: 99%

Assessing Security of Software Components for Internet of Things: A Systematic Review and Future Directions

Liao

Nazir

Khan

et al. 2021

Security and Communication Networks

View full text Add to dashboard Cite

show abstract

“…While bug reports were taken as input in that study, in many other studies, source code is taken as input. Text mining is a highly preferred technique for obtaining features directly from source codes as in the studies [65][66][67][68][69]. Several studies [63,70] have compared text mining-based models and software metrics-based models.…”

Section: Data Mining In Vulnerability Analysismentioning

confidence: 99%

Data Mining and Machine Learning for Software Engineering

Kiyak¹

2021

Data Mining - Methods, Applications and Systems

View full text Add to dashboard Cite

Software engineering is one of the most utilizable research areas for data mining. Developers have attempted to improve software quality by mining and analyzing software data. In any phase of software development life cycle (SDLC), while huge amount of data is produced, some design, security, or software problems may occur. In the early phases of software development, analyzing software data helps to handle these problems and lead to more accurate and timely delivery of software projects. Various data mining and machine learning studies have been conducted to deal with software engineering tasks such as defect prediction, effort estimation, etc. This study shows the open issues and presents related solutions and recommendations in software engineering, applying data mining and machine learning techniques.

show abstract

“…Software metrics. Some studies [2], [23], [24] investigate whether software metrics obtained from source code and development history are discriminative and predictive of vulnerable code locations. For example, Shin et al [2] examined the applicability of three types of software metrics (complexity, code churn, and developer activity) to build vulnerability prediction models.…”

Section: Related Workmentioning

confidence: 99%

“…They performed empirical analyses on two open-source projects, the Mozilla Firefox and the Red Hat Enterprise Linux kernel, and found that 24 of the 28 metrics collected are discriminative of vulnerabilities for both projects. Another work [24] demonstrated that some trivial software metrics such as character diversity, string entropy, function length and nesting depth could be useful indicators for vulnerability detection.…”

Section: Related Workmentioning

confidence: 99%

Vulnerability Prediction From Source Code Using Machine Learning

Bilgin¹,

Ersoy²,

Soykan³

et al. 2020

IEEE Access

View full text Add to dashboard Cite

As the role of information and communication technologies gradually increases in our lives, software security becomes a major issue to provide protection against malicious attempts and to avoid ending up with noncompensable damages to the system. With the advent of data-driven techniques, there is now a growing interest in how to leverage machine learning (ML) as a software assurance method to build trustworthy software systems. In this study, we examine how to predict software vulnerabilities from source code by employing ML prior to their release. To this end, we develop a source code representation method that enables us to perform intelligent analysis on the Abstract Syntax Tree (AST) form of source code and then investigate whether ML can distinguish vulnerable and nonvulnerable code fragments. To make a comprehensive performance evaluation, we use a public dataset that contains a large amount of function-level real source code parts mined from open-source projects and carefully labeled according to the type of vulnerability if they have any. We show the effectiveness of our proposed method for vulnerability prediction from source code by carrying out exhaustive and realistic experiments under different regimes in comparison with state-of-art methods.

show abstract

Machine Learning Methods for Software Vulnerability Detection

Cited by 51 publications

References 14 publications

Assessing Security of Software Components for Internet of Things: A Systematic Review and Future Directions

Assessing Security of Software Components for Internet of Things: A Systematic Review and Future Directions

Data Mining and Machine Learning for Software Engineering

Vulnerability Prediction From Source Code Using Machine Learning

Contact Info

Product

Resources

About