Extracting rules for vulnerabilities detection with static metrics using machine learning



ORIGINAL ARTICLE

Aakanshi Gupta (1), Bharti Suri (2), Vijay Kumar (3, corresponding author), Pragyashree Jain (4)

1 ASET, GGS Indraprastha University, New Delhi, India
2 University School of ICT, GGS Indraprastha University, New Delhi, India
3 Department of Mathematics, Amity Institute of Applied Sciences, Amity University Uttar Pradesh, Noida, India
4 Amity School of Engineering and Technology, New Delhi, India

Received: 6 January 2020 / Revised: 29 May 2020. © The Society for Reliability Engineering, Quality and Operations Management (SREQOM), India and The Division of Operation and Maintenance, Lulea University of Technology, Sweden 2020

Abstract Software quality is the prime concern in software engineering, and vulnerability is one of the major threats to it. A vulnerability compromises the security of the software and also impairs its quality. In this paper, we conduct experimental research evaluating the utility of machine learning algorithms for detecting vulnerabilities. To carry out this experiment, a set of software metrics was extracted and, using machine learning, expressed in the form of easily accessible rules. Here, 32 supervised machine learning algorithms are considered for the three most frequently occurring vulnerabilities in a software system, namely LawOfDemeter, BeanMembersShouldSerialize and LocalVariableCouldBeFinal. Using the J48 machine learning algorithm, up to 96% accuracy in vulnerability detection was achieved in this research. The results are validated with tenfold cross-validation, and statistical parameters such as the ROC curve, Kappa statistic, Recall, Precision, etc. have been used to analyse the result.

Keywords Software metrics · Machine learning · Static code analysis · Supervised learning
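The abstract describes training supervised learners on static code metrics and scoring them with tenfold cross-validation, precision, recall and the Kappa statistic. The Python block below is an added illustration of that evaluation loop and is not the paper's code or data: it fits a one-level C4.5-style decision stump (the information-gain split that J48 uses at each node) on a constructed set of class-level metrics whose label marks a hypothetical Law-of-Demeter violation, then reports the mean precision, recall and Cohen's kappa over ten held-out folds. The metric names (loc, num_methods, coupling, max_chain_len), the dataset generator and its 10% label noise are all assumptions made for the example.

```python
import math
import random
from collections import Counter

# Hypothetical class-level static metrics (assumed names, not the paper's).
FEATURES = ["loc", "num_methods", "coupling", "max_chain_len"]


def make_dataset(n=200, seed=7):
    """Constructed data: label 1 marks a (hypothetical) Law-of-Demeter violation."""
    rng = random.Random(seed)
    rows = []
    for _ in range(n):
        x = {"loc": rng.randint(20, 800),
             "num_methods": rng.randint(1, 40),
             "coupling": rng.randint(0, 25),
             "max_chain_len": rng.randint(1, 6)}
        # Assumed ground truth: long method-call chains violate the rule;
        # 10% label noise keeps the learning task non-trivial.
        y = 1 if x["max_chain_len"] >= 3 else 0
        if rng.random() < 0.10:
            y = 1 - y
        rows.append((x, y))
    return rows


def entropy(labels):
    n = len(labels)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(labels).values())


def majority(labels):
    return Counter(labels).most_common(1)[0][0]


def fit_stump(rows):
    """Choose the (feature, threshold) split with the largest information gain."""
    labels = [y for _, y in rows]
    base = entropy(labels)
    best_gain, best_f, best_t = 0.0, None, None
    for f in FEATURES:
        for t in sorted({x[f] for x, _ in rows}):
            left = [y for x, y in rows if x[f] <= t]
            right = [y for x, y in rows if x[f] > t]
            if not left or not right:
                continue
            gain = base - (len(left) * entropy(left) + len(right) * entropy(right)) / len(rows)
            if gain > best_gain:
                best_gain, best_f, best_t = gain, f, t
    if best_f is None:  # no informative split: predict the majority class everywhere
        return {"feature": None, "threshold": None, "left": majority(labels), "right": majority(labels)}
    left = [y for x, y in rows if x[best_f] <= best_t]
    right = [y for x, y in rows if x[best_f] > best_t]
    return {"feature": best_f, "threshold": best_t, "left": majority(left), "right": majority(right)}


def predict(model, x):
    if model["feature"] is None or x[model["feature"]] <= model["threshold"]:
        return model["left"]
    return model["right"]


def confusion(y_true, y_pred):
    """Return (tp, fp, fn, tn), treating label 1 (violation present) as positive."""
    c = Counter(zip(y_true, y_pred))
    return c[(1, 1)], c[(0, 1)], c[(1, 0)], c[(0, 0)]


def precision(tp, fp, fn, tn):
    return tp / (tp + fp) if tp + fp else 0.0


def recall(tp, fp, fn, tn):
    return tp / (tp + fn) if tp + fn else 0.0


def kappa(tp, fp, fn, tn):
    """Cohen's kappa: observed agreement corrected for agreement expected by chance."""
    n = tp + fp + fn + tn
    po = (tp + tn) / n
    pe = ((tp + fp) * (tp + fn) + (fn + tn) * (fp + tn)) / (n * n)
    return 1.0 if pe == 1 else (po - pe) / (1 - pe)


def k_fold_indices(n, k=10, seed=1):
    """Shuffle once, then cut the indices into k disjoint test folds."""
    idx = list(range(n))
    random.Random(seed).shuffle(idx)
    splits = []
    for held in [set(idx[i::k]) for i in range(k)]:
        splits.append(([i for i in idx if i not in held], sorted(held)))
    return splits


def cross_validate(rows, k=10, seed=1):
    """Mean precision, recall and kappa of a stump over k held-out folds."""
    totals = {"precision": 0.0, "recall": 0.0, "kappa": 0.0}
    for train_idx, test_idx in k_fold_indices(len(rows), k, seed):
        model = fit_stump([rows[i] for i in train_idx])
        y_true = [rows[i][1] for i in test_idx]
        y_pred = [predict(model, rows[i][0]) for i in test_idx]
        cm = confusion(y_true, y_pred)
        totals["precision"] += precision(*cm)
        totals["recall"] += recall(*cm)
        totals["kappa"] += kappa(*cm)
    return {m: v / k for m, v in totals.items()}


if __name__ == "__main__":
    data = make_dataset()
    print("stump:", fit_stump(data))
    print("10-fold:", cross_validate(data))
```

The stump is the smallest unit of what J48 builds: a full C4.5 tree repeats the same information-gain split recursively and then prunes. Kappa is reported alongside precision and recall because, on the imbalanced label distributions these rule violations produce, accuracy alone can look high for a classifier that mostly predicts the majority class; a kappa near zero exposes that.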

1 Introduction and motivation

In the field of software systems, a vulnerability can be described as a weakness or a state of exposure to threats such as hackers, viruses or unauthorized actions within a system (Islam and Zibran 2016; Russell et al. 2018; Shar et al. 2015). Vulnerability and risk are sometimes confused. A vulnerability is a flaw, or a symptom of bad design practice, introduced within a software program, while a risk is any behaviour that might turn into a negative impact. Software vulnerabilities have now become one of the biggest concerns of the software development industry (Alves et al. 2016; Chowdhury and Zulkernine 2011; Kindy and Pathan 2011). A vulnerability may be a fault, defect, weakness or error in a software system that allows attackers to harm it explicitly or implicitly (Kindy and Pathan 2011). Even though several efforts are being made to control and remedy vulnerabilities, a number of software attacks are still taking place, accounting for up to 200 billion in financial losses annually (Alves et al. 2016; Shin et al.