Towards data-driven vulnerability prediction for requirements

Imtiaz, Sayem Mohammad; Bhowmik, Tanmay

doi:10.1145/3236024.3264836

Cited by 4 publications

(3 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Top-k accuracy Among the top-K samples, the number of samples labeled as "vulnerable" is vˆ. Hidden Layer [5,10,20,50,100] SV58 NB(Vector size=75. Window size=4) Linear Regression (Vector size=150, window size=8) Logistic Regression (vector size=150, window size=8, Liblinear solver, regularization wt (c)=2.0, tolerance value 0.001) Decision Tree (vector size=150, window size=12, max depth=10, gini splitting criterion) RF (vector size=150, window size=4, max depth=10, entropy, no of trees=100) CDNNC (vector size=150, window size=8, 5 layers, 200 neurons, learning_rate=0.05, binary cross-entropy, 10 epochs, batch size=100) SDNNC (vector size=75, window size=8, 5 layers, 250 neurons, 0.0005 beta value) KNN (vector size=75, window size=8, k=18, uniform distance weights) SVM (Radial Basis Function, gamma value=0.02, c=2.…”

Section: Sv48mentioning

confidence: 99%

“…No of training iterations=150, Batch_size=32, Dimensionality of output feature vectors= No of filters N=128, Dimensionality of word embeddings=300SV32Grid Search Unspecified SV44, SV67 RF (n_estimators[10,150], max_leaf_nodes=[2,50], min_samples_leaf=[1,20], max_features=[0.01,1], min_sample_split=[2,20], max_depth[1,10])LR (C=[1.0, 10.0], max_iter=[50,200], verbose=[0,10]) KNN (leaf_size=[10,100], n_neighbors=[1,10]) MLP (alpha=[0.0001,0.001], learning_rate_init=[0.001,0.01], power_t=[0.1,1], max_iter[50,300], momentum=[0.1,1], n_iter_no_change) NB (var_smoothing[0.0,1.0]) SMOTE (k[1,20], m[50,400], r [1,6]) SV50, SV66 RF (No. of trees) KNN (No.…”

mentioning

confidence: 99%

See 1 more Smart Citation

A Systematic Literature Review on Software Vulnerability Prediction Models

Bassi,

Singh

2023

IEEE Access

View full text Add to dashboard Cite

The prediction of software vulnerability requires crucial awareness during the software specification, design, development, and configuration to achieve less vulnerable and secure software. Software vulnerability prediction is the process of model development that can be beneficial for the early prediction of vulnerable components at various granularity levels such as file, class, and method. Machine learning and deep learning techniques are gaining popularity in developing vulnerability prediction models. This paper performs a systematic review of primary studies from 2000 to 2022 in the literature that used machine learning and deep learning techniques for software vulnerability prediction. In addition to this, the paper understands the concept of resampling methods to handle imbalanced dataset problems; summarizes the important hyperparameter optimization methods to tune hyperparameters; explains the types of features, data pre-processing techniques, dimensionality reduction, and feature selection techniques. Furthermore, encapsulating the comparison of ML/DL techniques and highlighting the best technique is performed. The paper identifies seventy-seven research studies that use thirty-two machine learning and five deep learning techniques. Additionally, it identifies five different feature types, data pre-processing methods, thirty-seven datasets, nine data balancing techniques, twenty-six performance measures, six hyperparameter optimization methods, and the ranges of hyperparameters. Finally, guidelines for researchers to increase the productivity of software vulnerability prediction models have been illustrated in the paper.

show abstract

Section: Sv48mentioning

confidence: 99%

mentioning

confidence: 99%

A Systematic Literature Review on Software Vulnerability Prediction Models

Bassi,

Singh

2023

IEEE Access

View full text Add to dashboard Cite

show abstract

“…In vulnerability studies, issue tracking systems like Bugzilla, code repositories like Github, and vulnerability databases such as NVD, CVE, and CWE have been utilized [79]. In addition to these datasets, some studies have used Android [65,68,69] or web [63,70,72] (PHP source code) datasets.…”

Section: Data Mining In Vulnerability Analysismentioning

confidence: 99%

Data Mining and Machine Learning for Software Engineering

Kiyak¹

2021

Data Mining - Methods, Applications and Systems

View full text Add to dashboard Cite

Software engineering is one of the most utilizable research areas for data mining. Developers have attempted to improve software quality by mining and analyzing software data. In any phase of software development life cycle (SDLC), while huge amount of data is produced, some design, security, or software problems may occur. In the early phases of software development, analyzing software data helps to handle these problems and lead to more accurate and timely delivery of software projects. Various data mining and machine learning studies have been conducted to deal with software engineering tasks such as defect prediction, effort estimation, etc. This study shows the open issues and presents related solutions and recommendations in software engineering, applying data mining and machine learning techniques.

show abstract