Exploring Feature Extraction to Vulnerability Prediction Problem

• Autores: Vitor Antonio Apolinário, Guilherme Dal  Bianco, Denio Duarte, Valderi Reis
• Localización: New Trends in Disruptive Technologies, Tech Ethics and Artificial Intelligence: The DITTET 2022 Collection / Daniel Hernández de la Iglesia (ed. lit.), Juan Francisco de Paz Santana (ed. lit.), Alfonso José López Rivero (ed. lit.), 2023, ISBN 978-3-031-14858-3, págs. 79-90
• Idioma: español
• Texto completo no disponible (Saber más ...)
• Resumen

  • The growing use of technology makes the development of secure applications essential. In contrast, the secure software development cycle is a costly task, considering the human effort required to review application code for finding vulnerabilities. In order to minimize this cost (human effort), Vulnerability Prediction Models (VPMs) can be used by software development teams during inspection tasks. The VPM low precision makes its application unfeasible, because it indicates the waste of human effort during the inspection. One of the obstacles in the construction of efficient VPMs (i.e., high precision) is modeling meaningful features related to the vulnerabilities, specially in the initial training stages. In this work we compare a promising feature, extracted through another domain (i.e., defect prediction) techniques. We evaluated the feature within an active learning-based VPM through a simulation on real open source projects. Our results indicates that the feature looks promising in cost saving when applied to vulnerability inspection tasks.