An automatic software vulnerability classification framework using term frequency-inverse gravity moment and feature selection

Chen, Jinfu; Kudjo, Patrick Kwaku; Mensah, Solomon; Brown, Selasie Aformaley; Akorfu, George

doi:10.1016/j.jss.2020.110616

Cited by 26 publications

(13 citation statements)

References 32 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Kudjo et al [100] showed that using term frequency (BoW) with inverse gravity moment weighting [33] to extract features from SV descriptions can enhance the performance of ML models (i.e., KNN, Decision tree and Random forest) in predicting the severity of SVs. Later, Chen et al [32] confirmed that this feature extraction method was also effective for more projects and classifiers (e.g., Naïve Bayes and SVM). Besides investigating feature extraction, Kudjo et al [99] also highlighted the possibility of finding Bellwether, i.e., the smallest set of data that can be used to train an optimal prediction model, for classifying severity.…”

Section: Severe Vs Non-severementioning

confidence: 94%

A Survey on Data-driven Software Vulnerability Assessment and Prioritization

Le¹,

Chen²,

Babar³

2021

Preprint

View full text Add to dashboard Cite

Software Vulnerabilities (SVs) are increasing in complexity and scale, posing great security risks to many software systems. Given the limited resources in practice, SV assessment and prioritization help practitioners devise optimal SV mitigation plans based on various SV characteristics. The surge in SV data sources and datadriven techniques such as Machine Learning and Deep Learning have taken SV assessment and prioritization to the next level. Our survey provides a taxonomy of the past research efforts and highlights the best practices for data-driven SV assessment and prioritization. We also discuss the current limitations and propose potential solutions to address such issues. CCS Concepts: • General and reference → Surveys and overviews; • Security and privacy → Software security engineering; • Computing methodologies → Machine learning; Neural networks;

show abstract

Section: Severe Vs Non-severementioning

confidence: 94%

A Survey on Data-driven Software Vulnerability Assessment and Prioritization

Le¹,

Chen²,

Babar³

2021

Preprint

View full text Add to dashboard Cite

show abstract

“…The well-known Random Forest algorithm, as a parallel ensemble algorithm, has become one of the most commonly used ensemble algorithms. A large number of studies (37) employed Random Forest to address diferent software engineering research tasks. These include defect prediction, vulnerability prediction, code quality prediction, software license exception detection, and fault localization [180,215,268,281,335].…”

Section: Predictive Model Classificationmentioning

confidence: 99%

Predictive Models in Software Engineering: Challenges and Opportunities

Yang

Xia

et al. 2022

ACM Trans. Softw. Eng. Methodol.

View full text Add to dashboard Cite

Predictive models are one of the most important techniques that are widely applied in many areas of software engineering. There have been a large number of primary studies that apply predictive models and that present well-performed studies in various research domains, including software requirements, software design and development, testing and debugging and software maintenance. This paper is a first attempt to systematically organize knowledge in this area by surveying a body of 421 papers on predictive models published between 2009 and 2020. We describe the key models and approaches used, classify the different models, summarize the range of key application areas, and analyze research results. Based on our findings, we also propose a set of current challenges that still need to be addressed in future work and provide a proposed research road map for these opportunities.

show abstract

“…--P2, P28, and P39 classified vulnerabilities according to their severity levels. P2 [4] proposed a framework for vulnerability severity classification using five statistical learners, namely, RF, KNN, decision tree (DT), NB, and SVM. P28 [62] used word embeddings and a onelayer shallow convolutional neural network (CNN) to automatically capture discriminative words and sentence features of bug report descriptions.…”

Section: --P7 [58] Proposed a Novel Approach Called 'Ltrwes'mentioning

confidence: 99%

“…We perform an SMS following the guidelines of Petersen et al [7] to synthesize publications that use security bug reports for software vulnerability research. First, we search five scholar databases namely, IEEE Xplore 3 , ACM Digital Library 4 , ScienceDirect 5 , Wiley Online Library 6 , and Springer Link 7 . Using two search strings, we obtain a set of 45,077 publications from the software engineering (SE) domain that were published from 2000 to August 2020.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Security Bug Report Usage for Software Vulnerability Research: A Systematic Mapping Study

Bhuiyan¹,

Sharif²,

Rahman³

2021

IEEE Access

View full text Add to dashboard Cite

Context: Security bug reports are reports from bug tracking systems that include descriptions and resolutions of security vulnerabilities that occur in software projects. Researchers use security bug reports to conduct research related to software vulnerabilities. A mapping study of publications that use security bug reports can inform researchers on (i) the research topics that have been investigated, and (ii) potential research avenues in the field of software vulnerabilities. Objective: The objective of this paper is to help researchers identify research gaps related to software vulnerabilities by conducting a systematic mapping study of research publications that use security bug reports. Method: We perform a systematic mapping study of research that use security bug reports for software vulnerability research by searching five scholar databases: (i) IEEE Xplore, (ii) ACM Digital Library, (iii) ScienceDirect, (iv) Wiley Online Library, and (v) Springer Link. From the five scholar databases, we select 46 publications that use security bug reports by systematically applying inclusion and exclusion criteria. Using qualitative analysis, we identify research topics investigated in our collected set of publications. Results: We identify three research topics that are investigated in our set of 46 publications. The three topics are: (i) vulnerability classification; (ii) vulnerability report summarization; and (iii) vulnerability dataset construction. Of the studied 46 publications, 42 publications focus on vulnerability classification. Conclusion: Findings from our mapping study can be leveraged to identify research opportunities in the domains of software vulnerability classification and automated vulnerability repair techniques.

show abstract

An automatic software vulnerability classification framework using term frequency-inverse gravity moment and feature selection

Cited by 26 publications

References 32 publications

A Survey on Data-driven Software Vulnerability Assessment and Prioritization

A Survey on Data-driven Software Vulnerability Assessment and Prioritization

Predictive Models in Software Engineering: Challenges and Opportunities

Security Bug Report Usage for Software Vulnerability Research: A Systematic Mapping Study

Contact Info

Product

Resources

About