The effect of dimensionality reduction on software vulnerability prediction models
Publication Type
Journal Article
Publication Date
2016-12-09
Language
English
Published in
Volume
66
Issue
1
Start Page
17
End Page
37
Article Number
7779151
Citation
IEEE Transactions on Reliability 66 (1): 7779151, 17-37 (2017-03-01)
Publisher DOI
Scopus ID
Publisher
IEEE
Statistical prediction models can be an effective technique to identify vulnerable components in large software projects. Two aspects of vulnerability prediction models have a profound impact on their performance: 1) the features (i.e., the characteristics of the software) that are used as predictors and 2) the way those features are used in the setup of the statistical learning machinery. In a previous work, we compared models based on two different types of features: software metrics and term frequencies (text mining features). In this paper, we broaden the set of models we compare by investigating an array of techniques for the manipulation of said features. These techniques fall under the umbrella of dimensionality reduction and have the potential to improve the ability of a prediction model to localize vulnerabilities. We explore the role of dimensionality reduction through a series of cross-validation and cross-project prediction experiments. Our results show that in the case of software metrics, a dimensionality reduction technique based on confirmatory factor analysis provided an advantage when performing cross-project prediction, yielding the best F-measure for the predictions in five out of six cases. In the case of text mining, feature selection can make the prediction computationally faster, but no dimensionality reduction technique provided any other notable advantage.
Keywords
Computer security
machine learning
software metrics
text mining
MLE@TUHH
DDC Class
004: Computer Science