Predicting vulnerable software components via text mining

Scandariato, Riccardo; Walden, James; Hovsepyan, Aram; Joosen, Wouter

Predicting vulnerable software components via text mining

Publikationstyp

Journal Article

Date Issued

2014-10-01

Sprache

English

Author(s)

Scandariato, Riccardo

Walden, James

Hovsepyan, Aram

Joosen, Wouter

TORE-URI

http://hdl.handle.net/11420/14886

Journal

IEEE transactions on software engineering

Volume

40

Issue

10

Start Page

993

End Page

1006

Article Number

6860243

Citation

IEEE Transactions on Software Engineering 40 (10): 6860243, 993-1006 (2014-10-01)

Publisher DOI

10.1109/TSE.2014.2340398

Scopus ID

2-s2.0-84908054379

Publisher

IEEE

This paper presents an approach based on machine learning to predict which components of a software application contain security vulnerabilities. The approach is based on text mining the source code of the components. Namely, each component is characterized as a series of terms contained in its source code, with the associated frequencies. These features are used to forecast whether each component is likely to contain vulnerabilities. In an exploratory validation with 20 Android applications, we discovered that a dependable prediction model can be built. Such model could be useful to prioritize the validation activities, e.g., to identify the components needing special scrutiny.

Subjects

machine learning

prediction model

Vulnerabilities

MLE@TUHH

DDC Class

004: Informatik

Options

Predicting vulnerable software components via text mining