Open source software security vulnerability detection based on dynamic behavior features

Li, Yuancheng; Ma, Longqiang; Shen, Liang; Lv, Junfeng; Zhang, Pan

doi:10.1371/journal.pone.0221530

Cited by 9 publications

(5 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Ultrasonic data acquisition refers to the analysis of the source code or binary code of the program without running the program [16][17][18]. rough ultrasonic data acquisition, a clear framework understanding of the program can be realized, and the combination of dynamic and static is realized according to the corresponding ultrasonic data acquisition, focusing on solving the problem of false alarm rate [19,20].…”

Section: Binary Program Ultrasonic Data Acquisitionmentioning

confidence: 99%

Detection and Analysis of Man-Machine Interactive Software Vulnerabilities Based on Ultrasonic Data Acquisition and Signal Processing Algorithms

Lei

2021

Advances in Multimedia

View full text Add to dashboard Cite

With the gradual increase in the informatization, there is much software in various industries, such as data management, business execution, public orientation, and company OA, which greatly facilitates the development of various tasks, but it also brings many hidden dangers. There exist certain vulnerabilities in some software, which have become backdoors to be attacked. In view of these needs and potential hazards, the ultrasonic data acquisition and signal processing algorithms are introduced in this paper, analyzing and grasping the possibility of potentially dangerous paths by combining the instruction addresses and locations of software vulnerabilities, and avoid the existence of these software vulnerabilities through corresponding constraint instructions. The simulation experiment results prove that the ultrasonic data acquisition and signal processing algorithms are effective and can support the detection and analysis of man-machine interactive software vulnerabilities.

show abstract

Section: Binary Program Ultrasonic Data Acquisitionmentioning

confidence: 99%

Detection and Analysis of Man-Machine Interactive Software Vulnerabilities Based on Ultrasonic Data Acquisition and Signal Processing Algorithms

Lei

2021

Advances in Multimedia

View full text Add to dashboard Cite

show abstract

“…Therefore, we suggest open source software developers to check vulnerabilityrelated code on a regular basis. [33] and flaw function heuristic [34]. We can also recommend researchers to consider future work, as follows:…”

Section: Implication and Recommendationmentioning

confidence: 99%

A Study of Vulnerability Identifiers in Code Comments: Source, Purpose, and Severity

Nugroho

Gunawan

Putri

et al. 2022

JCOMSS

View full text Add to dashboard Cite

Software vulnerability is one of the weaknesses in computer security that challenges developers to rectify. Software maintainers rely on code comments to maintain their source code, including fixing vulnerability issues. To facilitate understanding the security issues in the related code, vulnerability identifiers are commonly included in code comments. However, not all vulnerability-related code comments describe clearly the purposes of the inclusion of the identifiers. Based on this evidence, we investigate the importance of vulnerability identifiers contained in source code comments, which is the novelty of this paper. We performed a study of 1,491 code comments that refer to vulnerability identifiers to define their categories. We then applied a mixed-method approach to classifying the types of the related repository and code, the rationale of identifier references, and the severity level of vulnerabilities in the code. The results indicate that vulnerability identifiers in code comments are useful to notify security issues for the related source code, and our study widens up chances for future work to further investigate these problems.

show abstract

“…The out of sample error is mathematically calculated using the given formula. (6) Where, denotes an out of sample error of weak classifiers, represents the expected error, is the empirical error. Depends on the error rate, the weight of each weak learner is readjusted known as re-weighting.…”

Section: (3)mentioning

confidence: 99%

“…But the performance of defect prediction was not improved while considering the more projects. A CNN-IndRNN model was developed in [6] to identify the open-source software defects for enhancing the software quality with dynamic features. But, the time was not reduced.…”

Section: Introductionmentioning

confidence: 99%

Stochastic Embedded Probit Regressive Reweight Boost Classifier for Software Quality Examination

2019

IJRTE

View full text Add to dashboard Cite

In software development, Software quality analysis plays a considerable process. Through the software testing, the quality analysis is performed for efficient prediction of defects in the code. Due to the complicated structure of software projects, code examination has become a demanding issue that has to be addressed at the initial stage of testing for achieving the quality improved results. In order to resolve these issues, the Stochastic Gaussian Neighbor Embedding based Probit Regressive Reweight Boost Classification (SGNE-PRRBC) is introduced for accurate quality prediction system through code examination proficient system. The SGNE-PRRBC technique considers the number of program files as input for software quality analysis through feature selection and classification. Initially, the number of program files is taken from the dataset (DS). After collecting the files, the Gaussian distributive stochastic neighbor embedding technique choose the features (i.e. code metrics) based on the distance similarity. With the assist of Pearson correlative probit regressed reweight boost technique, the classification of program files is performed. The boosting algorithm creates ‘m’ number of weak classifiers i.e. Pearson correlative probit regression to categorize the input program files as normal or defected through analyze the source codes and chosen metrics. After that, the weak learners results are combined into strong through minimizing the out of sample error with gradient descent function. This enhances the accuracy of quality prediction and lessens the false positive rate (FPR). Experimental analysis is performed with various metrics namely accuracy, FPR and computation time (CT) with number of program files. Experimental results evident that the SGNE-PRRBC technique achieves better performance in terms of accuracy, CT and FPR as compared to the conventional methods.

show abstract

Open source software security vulnerability detection based on dynamic behavior features

Cited by 9 publications

References 18 publications

Detection and Analysis of Man-Machine Interactive Software Vulnerabilities Based on Ultrasonic Data Acquisition and Signal Processing Algorithms

Detection and Analysis of Man-Machine Interactive Software Vulnerabilities Based on Ultrasonic Data Acquisition and Signal Processing Algorithms

A Study of Vulnerability Identifiers in Code Comments: Source, Purpose, and Severity

Stochastic Embedded Probit Regressive Reweight Boost Classifier for Software Quality Examination

Contact Info

Product

Resources

About