Profiling developers to predict vulnerable code changes

Tugce Coskun, Rusen Halepmollasi, Khadija Hanifi, Ramin Fadaei Fouladi, Pinar Comak De Cnudde, Ayse Tosun

Araştırma sonucu: ???type-name???Konferans katkısıbilirkişi

1 Atıf (Scopus)

Özet

Software vulnerability prediction and management have caught the interest of researchers and practitioners, recently. Various techniques that are usually based on characteristics of the code artefacts are also offered to predict software vulnerabilities. While other studies achieve promising results, the role of developers in inducing vulnerabilities has not been studied yet. We aim to profile the vulnerability inducing and vulnerability fixing behaviors of developers in software projects using Heterogeneous Information Network (HIN) analysis. We also investigate the impact of developer profiles in predicting vulnerability inducing commits, and compare the findings against the approach based on the code metrics. We adopt Random Walk with Restart (RWR) algorithm on HIN and the aggregation of code metrics for extracting all the input features. We utilize traditional machine learning algorithms namely, Naive Bayes (NB), Support Vector Machine (SVM), Random Forest (RF) and eXtreme Gradient Boosting (XGBoost) to build the prediction models.We report our empirical analysis to predict vulnerability inducing commits of four Apache projects. The technique based on code metrics achieves 90% success for the recall measure, whereas the technique based on profiling developer behavior achieves 71% success. When we use the feature sets obtained with the two techniques together, we achieve 89% success.

Orijinal dilİngilizce
Ana bilgisayar yayını başlığıPROMISE 2022 - Proceedings of the 18th International Conference on Predictive Models and Data Analytics in Software Engineering, co-located with ESEC/FSE 2022
EditörlerShane McIntosh, Weiyi Shang, Gema Rodriguez Perez
YayınlayanAssociation for Computing Machinery, Inc
Sayfalar32-41
Sayfa sayısı10
ISBN (Elektronik)9781450398602
DOI'lar
Yayın durumuYayınlandı - 2 Kas 2022
Etkinlik18th ACM International Conference on Predictive Models and Data Analytics in Software Engineering, PROMISE 2022, co-located with the 30th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering, ESEC/FSE 2022 - Singapore, Singapore
Süre: 17 Kas 2022 → …

Yayın serisi

AdıPROMISE 2022 - Proceedings of the 18th International Conference on Predictive Models and Data Analytics in Software Engineering, co-located with ESEC/FSE 2022

???event.eventtypes.event.conference???

???event.eventtypes.event.conference???18th ACM International Conference on Predictive Models and Data Analytics in Software Engineering, PROMISE 2022, co-located with the 30th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering, ESEC/FSE 2022
Ülke/BölgeSingapore
ŞehirSingapore
Periyot17/11/22 → …

Bibliyografik not

Publisher Copyright:
© 2022 Owner/Author.

Finansman

This work was funded by The Scientific and Technological Research Council of Turkey, under 1515 Frontier RD Laboratories Support Program with project no: 5169902.

FinansörlerFinansör numarası
Türkiye Bilimsel ve Teknolojik Araştırma Kurumu5169902

    Parmak izi

    Profiling developers to predict vulnerable code changes' araştırma başlıklarına git. Birlikte benzersiz bir parmak izi oluştururlar.

    Alıntı Yap