Towards a Prototype Based Explainable JavaScript Vulnerability Prediction Model

Mosolygó, Balázs; Vándor, Norbert; Antal, Gábor; Hegedűs, Péter; Ferenć, Rudolf

doi:10.1109/iccq51190.2021.9392984

Cited by 6 publications

(3 citation statements)

References 16 publications

(41 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Forecasting the number of vulnerabilities is most usually applied to high levels of granularity, with the project level to be the prevailing one, whereas prediction of vulnerable components is applied to lower levels of granularity, with the file level to be the most common one. Based on the findings of our literature research [15][16][17], researchers need to develop more practical VPMs in the sense of providing more precise information about the localization of the vulnerability into the source code. The lower the granularity level of the vulnerable software component, the easier for the user to identify the exact location of the vulnerability and fix it.…”

Section: Rq 1 -Research Goals In Vulnerability Predictionmentioning

confidence: 99%

Software vulnerability prediction: A systematic mapping study

Kalouptsoglou

Siavvas

Ampatzoglou

et al. 2023

Information and Software Technology

View full text Add to dashboard Cite

Section: Rq 1 -Research Goals In Vulnerability Predictionmentioning

confidence: 99%

Software vulnerability prediction: A systematic mapping study

Kalouptsoglou

Siavvas

Ampatzoglou

et al. 2023

Information and Software Technology

View full text Add to dashboard Cite

“…Our main goal in this paper is to compare how well a JavaScript line-level MLbased vulnerability prediction method works when compared to classical static analyzer tools for vulnerability detection. Therefore, in this section, we describe the essence of an ML-based vulnerability detection method [18] we developed for identifying vulnerable JavaScript code lines and the benchmark we used for comparing it to other static analysis vulnerability checkers.…”

Section: Approachmentioning

confidence: 99%

“…In one of our earlier works [18], we proposed an ML-based line-level vulnerability prediction method with the goal of finding vulnerabilities in JavaScript systems, while being both granular and explainable. Since our method provided favorable results, it was the next natural step to see how it fares against other static analyzers.…”

Section: Introductionmentioning

confidence: 99%

Comparing ML-Based Predictions and Static Analyzer Tools for Vulnerability Detection

Vándor

Mosolygó

Hegelűs

2022

Computational Science and Its Applications – ICCSA 2022 Workshops

View full text Add to dashboard Cite

Finding and eliminating security issues early in the development process is critical as software systems are shaping many aspects of our daily lives. There are numerous approaches for automatically detecting security vulnerabilities in the source code from which static analysis and machine learning based methods are the most popular. However, we lack comprehensive benchmarking of vulnerability detection methods across these two popular categories. In one of our earlier works, we proposed an ML-based line-level vulnerability prediction method with the goal of finding vulnerabilities in JavaScript systems. In this paper, we report results on a systematic comparison of this ML-based vulnerability detection technique with three widely used static checker tools (Node-JSScan 1 , ESLint 2 , and CodeQL 3 ) using the OSSF CVE Benchmark 4 . We found that our method was more than capable of finding vulnerable lines, managing to find 60% of all vulnerabilities present in the examined dataset, which corresponds to the best recall of all tools. Nonetheless, our method had higher false-positive rate and running time than that of the static checkers.

show abstract

A Line-Level Explainable Vulnerability Detection Approach for Java

Mosolygó

Vándor

Hegedűs

et al. 2022

Computational Science and Its Applications – ICCSA 2022 Workshops

View full text Add to dashboard Cite

1 niversity of zegedD oftwre ingineering heprtment 2 prontinde vtdFD zegedD rungry Abstract. qiven our modern soiety9s level of dependeny on s tehE nologyD high qulity nd seurity re not just desirle ut rther vitl properties of urrent softwre systemsF impiril methods leverging the ville rih openEsoure dt nd dvned dt proessing tehniques of wv lgorithms n help softwre developers ensure these propertiesF xonethelessD stteEofEtheErt ug nd vulnerility predition methods re rrely used in prtie due to numerous resonsF he preditions re not tionle in most of the ses due to their level of grnulrity @iFeFD they mrk entire lssesG(les to e uggy or vulnerleA nd euse the methods seldom provide explntion why frgment of soure ode is prolemtiF sn this pperD we present novel tv vulnerility deteE tion method tht ddresses oth of these issuesF st is n dpttion of our previous method for tvript tht is ple of pinpointing vulE nerle soure ode lines of progrm together with prototypeEsed explntionF he method relies on the wordPve similrity of ode frgE ments to known vulnerle soure ode linesF yur empiril evlution showed promising resultsD we ould detet TI7 nd RI7 of the vulnerE le ode lines y )gging only RQ7 nd PP7 of the progrm ode linesD respetivelyD using two of the est detetion on

show abstract

Towards a Prototype Based Explainable JavaScript Vulnerability Prediction Model

Cited by 6 publications

References 16 publications

Software vulnerability prediction: A systematic mapping study

Software vulnerability prediction: A systematic mapping study

Comparing ML-Based Predictions and Static Analyzer Tools for Vulnerability Detection

A Line-Level Explainable Vulnerability Detection Approach for Java

Contact Info

Product

Resources

About