A Comparison of Source Code Representation Methods to Predict Vulnerability Inducing Code Changes

Rusen Halepmollası, Khadija Hanifi, Ramin F. Fouladi, Ayse Tosun

Research output: Conference contribution, peer-reviewed

1 citation (Scopus)

Abstract

Vulnerability prediction is a data-driven process that utilizes previous vulnerability records and their associated fixes in software development projects. Vulnerability records are rarely observed compared to other defects, even in large projects, and are usually not directly linked to the related code changes in the bug tracking system. Thus, preparing a vulnerability dataset and building a prediction model is quite challenging. Many studies propose software metrics-based or embedding/token-based approaches to predict software vulnerabilities over code changes. In this study, we aim to compare the performance of two different approaches in predicting code changes that induce vulnerabilities. The first approach is based on an aggregation of software metrics; the second is based on an embedding representation of the source code built from its Abstract Syntax Tree using skip-gram techniques. We employed deep learning and popular machine learning algorithms to predict vulnerability-inducing code changes. We report our empirical analysis over code changes in the publicly available SmartSHARK dataset, which we extended by adding real vulnerability data. The software metrics-based code representation method shows better classification performance than the embedding-based code representation method in terms of recall, precision and F1-score.

Original language: English
Host publication title: Proceedings of the 18th International Conference on Evaluation of Novel Approaches to Software Engineering, ENASE 2023
Editors: Hermann Kaindl, Mike Mannion, Leszek Maciaszek
Publisher: Science and Technology Publications, Lda
Pages: 469-478
Number of pages: 10
ISBN (electronic): 9789897586477
Publication status: Published - 2023
Event: 18th International Conference on Evaluation of Novel Approaches to Software Engineering, ENASE 2023 - Prague, Czech Republic
Duration: 24 Apr 2023 to 25 Apr 2023

Publication series

Name: International Conference on Evaluation of Novel Approaches to Software Engineering, ENASE - Proceedings
Volume: 2023-April
ISSN (electronic): 2184-4895

Conference

Conference: 18th International Conference on Evaluation of Novel Approaches to Software Engineering, ENASE 2023
Country/Territory: Czech Republic
City: Prague
Period: 24/04/23 to 25/04/23

Bibliographical note

Publisher Copyright:
Copyright © 2023 by SCITEPRESS - Science and Technology Publications, Lda. Under CC license (CC BY-NC-ND 4.0)

Funding

This work was funded by The Scientific and Technological Research Council of Turkey, under 1515 Frontier R&D Laboratories Support Program with project no: 5169902.

Funder: Türkiye Bilimsel ve Teknolojik Araştırma Kurumu
Funder number: 5169902
