Early Identification of Vulnerable Software Components via Ensemble Learning

Title: Early Identification of Vulnerable Software Components via Ensemble Learning
Publication Type: Conference Paper
Year of Publication: 2016
Authors: Pang, Y., Xue, X., Namin, A. S.
Conference Name: 2016 15th IEEE International Conference on Machine Learning and Applications (ICMLA)
Keywords: compositionality, early vulnerable software component identification, Ensemble Learning, Human Behavior, human factors, Java, Java Android applications, learning (artificial intelligence), Metrics, mislabeled data, object-oriented programming, Prediction algorithms, Predictive models, program testing, pubcrawl, Resiliency, robust software system, security of data, smart phones, software reliability, Software systems, software testing process, support vector machine, Support vector machines, supports vector machine algorithm, Training, Training data, Vulnerability, vulnerability detection, vulnerability detection scheme

Software components that are vulnerable to being exploited need to be identified and patched. Employing any prevention techniques designed for the purpose of detecting vulnerable software components in early stages can reduce the expenses associated with the software testing process significantly and thus help build a more reliable and robust software system. Although previous studies have demonstrated the effectiveness of adapting prediction techniques in vulnerability detection, the feasibility of those techniques is limited mainly because of insufficient training data sets. This paper proposes a prediction technique targeting early identification of potentially vulnerable software components. In the proposed scheme, the potentially vulnerable components are viewed as mislabeled data that may contain true but not yet observed vulnerabilities. The proposed hybrid technique combines the support vector machine algorithm and an ensemble learning strategy to better identify potentially vulnerable components. The proposed vulnerability detection scheme is evaluated using some Java Android applications. The results demonstrated that the proposed hybrid technique could identify potentially vulnerable classes with high precision and relatively acceptable accuracy and recall.

Citation Key: pang_early_2016