2020
DOI: 10.1049/sfw2.12006
Empirical studies on the impact of filter‐based ranking feature selection on security vulnerability prediction

Abstract: Security vulnerability prediction (SVP) constructs models that identify potentially vulnerable program modules via machine learning. Previous studies measure the extracted modules with two kinds of features, taken from different points of view: one treats traditional software metrics as features, while the other uses text mining to extract term vectors as features. As a result, gathered SVP data sets often have numerous features and suffer from the curse of dimensionality. In this article, we mainly…
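The abstract's premise — scoring each feature independently, ranking by score, and keeping only the top-scoring features before training a prediction model — can be sketched as follows. This is a generic illustration of filter-based ranking feature selection, not the paper's exact setup: the synthetic data, the chi-squared scorer, the k=10 cutoff, and the logistic-regression model are all assumptions chosen for demonstration, assuming scikit-learn is available.

```python
# Sketch of filter-based ranking feature selection (FRFS):
# each feature is scored on its own (here: chi-squared statistic),
# features are ranked by score, and only the top-k survive before
# a vulnerability prediction model is trained.
import numpy as np
from sklearn.datasets import make_classification
from sklearn.feature_selection import SelectKBest, chi2
from sklearn.linear_model import LogisticRegression
from sklearn.model_selection import train_test_split

# Synthetic stand-in for an SVP data set: rows are program modules,
# columns are features (software metrics or text-mining term counts).
X, y = make_classification(n_samples=300, n_features=100,
                           n_informative=10, random_state=0)
X = np.abs(X)  # chi2 requires non-negative values, like term counts

X_tr, X_te, y_tr, y_te = train_test_split(X, y, random_state=0)

# Rank all 100 features by chi-squared score; keep the 10 best.
selector = SelectKBest(chi2, k=10).fit(X_tr, y_tr)
X_tr_sel = selector.transform(X_tr)
X_te_sel = selector.transform(X_te)

# Train the downstream model on the reduced feature set only.
clf = LogisticRegression(max_iter=1000).fit(X_tr_sel, y_tr)
print(X_tr_sel.shape[1])  # 10 features survive the filter
```

Because the scorer looks at each feature in isolation, filter methods stay cheap even on high-dimensional term-vector data, which is why the paper contrasts them with costlier wrapper-style selection.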

Cited by 16 publications (6 citation statements)
References 48 publications
“…Therefore, in our future academic research, we will aim to further improve the proposed PERR method by considering the weights of different dimensions to enlarge the application scope of PERR. In addition, we will continue to investigate the possibility of integrating our privacy-aware PERR solution with other classical privacy-preservation techniques, such as blockchain [31][32][33] , differential privacy [34,35] , anonymization [36] , and program code analyses [37,38] . Moreover, computation offloading is often necessary, especially in a big data environment [39][40][41][42][43][44][45] .…”
Section: Discussion
confidence: 99%
“…respectively. Only two studies [46] and [73] used a combination of metrics and text features. Three studies [32], [33], and [39] have utilized patterns, and four studies [7], [13], [16], and [68] used code attributes.…”
Section: Table 3 Quality Assessment Questions
confidence: 99%
“…The experimental research shows that this procedure cuts training time by roughly 68%. In [73], it is mentioned that SVP data sets frequently include several features, which leads to the dimensionality curse. Since other forms of feature selection methods have a high computational cost, the focus of this paper is on the effect of filter-based ranking feature selection (FRFS) approaches on SVP.…”
Section: Figure 3 Year-wise Distribution of Research Publications
confidence: 99%
“…Many works have been done considering the evaluation of different static code analyzers (e.g., [55] for C/C++), but the number of works considering the analysis of the suitability of features generated by them for the purpose of vulnerability prediction is limited. In [56,57], empirical studies considering three open-source PHP web applications were conducted. They based their research on a dataset and twelve metrics introduced in [49].…”
Section: Related Work
confidence: 99%
“…They based their research on a dataset and twelve metrics introduced in [49]. In [56], they examined the performance of different software vulnerability prediction models in terms of effort-aware performance measures, in contrast to [57], where they considered the impact of Filter-based Ranking Feature Selection (FRFS) methods on vulnerability prediction. In [58], an empirical study was conducted to examine a security risk (assessed by the Androrisk application) prediction of Android applications based on 21 code metrics obtained using SonarQube and six machine learning algorithms.…”
Section: Related Work
confidence: 99%