A New Approach to Locate Software Vulnerabilities Using Code Metrics-Reference-Cited by-同舟云学术

A New Approach to Locate Software Vulnerabilities Using Code Metrics

Published:2020-07 Issue:3 Volume:8 Page:82-95
ISSN:2166-7160
Container-title:International Journal of Software Innovation
language:en
Short-container-title:

Author:

Zagane Mohammed¹^ORCID,Abdi Mustapha Kamel¹^ORCID,Alenezi Mamdouh²^ORCID

Affiliation:

1. Université Oran 1, Algeria

2. Prince Sultan University, Riyadh, Saudi Arabia

Abstract

Automatic vulnerabilities prediction assists developers and minimizes resources allocated to fix software security issues. These costs can be minimized even more if the exact location of vulnerability is correctly indicated. In this study, the authors propose a new approach to using code metrics in vulnerability detection. The strength part of the proposed approach lies in using code metrics not to simply quantify characteristics of software components at a coarse granularity (package, file, class, function) such as complexity, coupling, etc., which is the approach commonly used in previous studies, but to quantify extracted pieces of code that hint presence of vulnerabilities at a fine granularity (few lines of code). Obtained results show that code metrics can be used with a machine learning technique not only to indicate vulnerable components wish was the aim of previous approaches but also to detect and locate vulnerabilities with very good accuracy.

Publisher

IGI Global

Subject

Artificial Intelligence,Computer Graphics and Computer-Aided Design,Computer Networks and Communications,Computer Science Applications,Software

Reference28 articles.

1. Towards Cross Project Vulnerability Prediction in Open Source Web Applications

2. Evaluating Software Metrics as Predictors of Software Vulnerabilities

3. A validation of object-oriented design metrics as quality indicators

4. Catal, C. (2016). Can we predict software vulnerability with deep neural network? In Proceedings of the 19th International Multiconference INFORMATION SOCIETY - IS (pp. 19–22). Academic Press.

5. Development of a Software Vulnerability Prediction Web Service Based on Artificial Neural Networks

Cited by 4 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Enhancing Software Co-Change Prediction: Leveraging Hybrid Approaches for Improved Accuracy;IEEE Access;2024

2. A deep learning‐based approach for software vulnerability detection using code metrics;IET Software;2022-07-06

3. Hybrid Representation to Locate Vulnerable Lines of Code;International Journal of Software Innovation;2022-03-04

4. EFFICIENT DEEP FEATURES LEARNING FOR VULNERABILITY DETECTION USING CHARACTER N-GRAM EMBEDDING;Jordanian Journal of Computers and Information Technology;2020