2019
DOI: 10.5815/ijitcs.2019.07.05

Evaluating and Comparing Size, Complexity and Coupling Metrics as Web Applications Vulnerabilities Predictors

Abstract: Most security and privacy issues in software are related to exploiting code vulnerabilities. Many studies have tried to find the correlation between the software characteristics (complexity, coupling, etc.) quantified by corresponding code metrics and its vulnerabilities and to propose automatic prediction models that help developers locate vulnerable components to minimize maintenance costs. The results obtained by these studies cannot be applied directly to web applications because a web application differ…

Cited by 12 publications (9 citation statements)
References 19 publications
“…One of the key research directions is to develop intelligent vulnerability detection techniques that act on source code. The following three sub-categories can be found: vulnerability detection methods based on software metrics [18] [19] [20] [21], anomaly detection technique for detecting vulnerabilities by looking for abnormal patterns [22], and vulnerable pattern learning [23].…”
Section: Machine Learning-based Vulnerability Detection (mentioning)
confidence: 99%
“…Some of the prior studies in the field of vulnerability detection tried to evaluate theories that are a correlation between software characteristics: complexity, coupling, etc. [19] [46] [47] [18]. Mohammed et al. [20] aim to use code metrics as features to detect software vulnerabilities based on deep learning with a fine granularity level.…”
Section: State-of-the-art Studies (mentioning)
confidence: 99%
“…Most of the prior studies in the field of AVP tried to evaluate theories that are a correlation between software characteristics: complexity, coupling, etc. and vulnerabilities [10]-[13]. In other studies [8], [14] researchers reported that the classic software metrics used in DPM are not accurate for VPM.…”
Section: B. Vulnerability Prediction Model (VPM) (mentioning)
confidence: 99%
“…Training a VPM from such an imbalanced dataset is often challenging because the VPM may be biased towards the major class (negatives) and hence it only learns to predict everything as negatives and ignores the minor class (positives). Therefore, undersampling is a technique that is often used to balance the training set [11], [13], [15]. With this technique, all the positive cases in the training set are retained, while only a subset of the negatives is selected.…”
Section: Balancing the Dataset (mentioning)
confidence: 99%