Özet
Software vulnerability prediction and management have caught the interest of researchers and practitioners, recently. Various techniques that are usually based on characteristics of the code artefacts are also offered to predict software vulnerabilities. While other studies achieve promising results, the role of developers in inducing vulnerabilities has not been studied yet. We aim to profile the vulnerability inducing and vulnerability fixing behaviors of developers in software projects using Heterogeneous Information Network (HIN) analysis. We also investigate the impact of developer profiles in predicting vulnerability inducing commits, and compare the findings against the approach based on the code metrics. We adopt Random Walk with Restart (RWR) algorithm on HIN and the aggregation of code metrics for extracting all the input features. We utilize traditional machine learning algorithms namely, Naive Bayes (NB), Support Vector Machine (SVM), Random Forest (RF) and eXtreme Gradient Boosting (XGBoost) to build the prediction models.We report our empirical analysis to predict vulnerability inducing commits of four Apache projects. The technique based on code metrics achieves 90% success for the recall measure, whereas the technique based on profiling developer behavior achieves 71% success. When we use the feature sets obtained with the two techniques together, we achieve 89% success.
| Orijinal dil | İngilizce |
|---|---|
| Ana bilgisayar yayını başlığı | PROMISE 2022 - Proceedings of the 18th International Conference on Predictive Models and Data Analytics in Software Engineering, co-located with ESEC/FSE 2022 |
| Editörler | Shane McIntosh, Weiyi Shang, Gema Rodriguez Perez |
| Yayınlayan | Association for Computing Machinery, Inc |
| Sayfalar | 32-41 |
| Sayfa sayısı | 10 |
| ISBN (Elektronik) | 9781450398602 |
| DOI'lar | |
| Yayın durumu | Yayınlandı - 2 Kas 2022 |
| Etkinlik | 18th ACM International Conference on Predictive Models and Data Analytics in Software Engineering, PROMISE 2022, co-located with the 30th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering, ESEC/FSE 2022 - Singapore, Singapore Süre: 17 Kas 2022 → … |
Yayın serisi
| Adı | PROMISE 2022 - Proceedings of the 18th International Conference on Predictive Models and Data Analytics in Software Engineering, co-located with ESEC/FSE 2022 |
|---|
???event.eventtypes.event.conference???
| ???event.eventtypes.event.conference??? | 18th ACM International Conference on Predictive Models and Data Analytics in Software Engineering, PROMISE 2022, co-located with the 30th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering, ESEC/FSE 2022 |
|---|---|
| Ülke/Bölge | Singapore |
| Şehir | Singapore |
| Periyot | 17/11/22 → … |
Bibliyografik not
Publisher Copyright:© 2022 Owner/Author.
Finansman
This work was funded by The Scientific and Technological Research Council of Turkey, under 1515 Frontier RD Laboratories Support Program with project no: 5169902.
| Finansörler | Finansör numarası |
|---|---|
| Türkiye Bilimsel ve Teknolojik Araştırma Kurumu | 5169902 |